Red Team Revenge : Attacking Microsoft ATA - Presented by: Nikhil Mittal at 44CON 2017
Microsoft Advanced Threat Analytics (ATA) is a defence platform which reads information from multiple sources like traffic for certain protocols to the Domain Controller, Windows Event Logs and SIEM events. The information collected is used to detect Reconnaissance, Credentials replay, Lateral movement, Persistence attacks etc. Well known attacks like Pass-the-Hash, Pass-the-Ticket, Overpass-the-Hash, Golden Ticket, Directory services replication, Brute-force, Skeleton key etc. can be detected using ATA. Whenever communication to a Domain Controller is performed using protocols like Kerberos, NTLM, RPC, DNS, LDAP etc., ATA will parse that traffic for gathering information about not only possible attacks but user behaviour as well. It slowly builds an organizational graph and can detect deviations from normal behaviour.
This talk focuses on identifying and attacking ATA installations. Can ATA be attacked to suppress alerts? How noisy is it to attack ATA? How can alerts related to a particular identity (user and computer) be exempted? How can ATA be controlled and crippled remotely?
For more from 44CON and tickets visit 44CON Website: [ Ссылка ]
---=== Contact ===---
YouTube: [ Ссылка ]
Website: [ Ссылка ]
Twitter: [ Ссылка ]
LinkedIn: [ Ссылка ]
Facebook: [ Ссылка ]
---=== Music Credits ===---
Island - by MBB: [ Ссылка ] ([ Ссылка ])
Grind - by Andrew Huang - YouTube Music Library
