Explore techniques for evading Microsoft Advanced Threat Analytics (ATA) in Active Directory environments during this 50-minute conference talk from BruCON 0x09. Delve into ATA's defense mechanisms, including its ability to detect various attacks like Pass-the-Hash, Pass-the-Ticket, and Golden Ticket. Learn about potential vulnerabilities in ATA's design and discover how red teamers and penetration testers can modify their attack chains to bypass detection. Examine topics such as threat detection, user hunting, Kerberos ticket attacks, and MongoDB exploitation. Gain insights into defending and avoiding ATA, as well as understanding its limitations. Enhance your knowledge of Active Directory security and penetration testing methodologies in this comprehensive presentation.
Overview
Syllabus
Introduction
About Nikhil
What is ATA
Threat Detection
User Hunting
Further Attacks
Overpass detection
Golden Ticket decryption
Timebased detection
bypasses
Silver Ticket
Kerberos Ticket
Attacking ATA
MongoDB
MongoDB Console
Visibility
ATA still helps
Defending ATA
Avoiding ATA
Limitations
Conclusion
Taught by
BruCON Security Conference
