Analyzing Microsoft ATA - Black Hat | Home
Evading Microsoft ATA for Active Directory Domination
Nikhil Mittal
About me
- Hacker, Red Teamer, Trainer, Speaker at
- Twitter - @nikhil_mitt
- Blog
- Github -
- Creator of Kautilya and Nishang
- Interested in Offensive Information Security, new attack vectors and methodologies to pwn systems.
- Previous Talks and/or Trainings
  - DefCon, BlackHat, CanSecWest, BruCON, DeepSec and more.
BlackHat USA 2017
Evading ATA by Nikhil Mittal
Contents
- Introduction
- Architecture
- Lab Configuration
- Detections
- Evasion and Bypass
- Complete attack path/kill chain from normal domain user to DA
- Conclusion
What is Microsoft ATA?
- "Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats."
- ATA detects attacks by reading certain "interesting" protocols' traffic to the domain controller(s), SIEM events and logs.
- Anomaly-based and behavior-based detection.
ATA Architecture
In order to avoid copyright disputes, this page is only a partial summary.