Analyzing Microsoft ATA - Black Hat

Evading Microsoft ATA for Active Directory Domination

Nikhil Mittal

About me

- Hacker, Red Teamer, Trainer, Speaker at
- Twitter - @nikhil_mitt
- Blog
- Github
- Creator of Kautilya and Nishang
- Interested in Offensive Information Security, new attack vectors and methodologies to pwn systems.
- Previous Talks and/or Trainings
  - DefCon, BlackHat, CanSecWest, BruCON, DeepSec and more.

BlackHat USA 2017

Evading ATA by Nikhil Mittal

2

Contents

- Introduction
- Architecture
- Lab Configuration
- Detections
- Evasion and Bypass
- Complete attack path/kill chain from normal domain user to DA
- Conclusion


What is Microsoft ATA?

- "Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats."
- ATA detects attacks by reading certain "interesting" protocols' traffic to the domain controller(s), SIEM events and logs.
- Anomaly-based and behavior-based detection.


ATA Architecture
