Evading Microsoft ATA for Active Directory Domination

Black Hat via YouTube

Overview

Explore techniques for evading Microsoft Advanced Threat Analytics (ATA) in Active Directory environments in this Black Hat conference talk. Delve into ATA's functionality, threat detection capabilities, and lab configurations. Learn about user hunting, service principal scanning, and evasion methods using PowerView. Examine brute force attacks, golden ticket techniques, and constrained delegation vulnerabilities. Discover how to manipulate ATA's MongoDB, alter alert identities, and set visibility. Analyze ATA's limitations and discuss defensive strategies. Gain insights into avoiding detection and understanding the implications for Active Directory security.

Syllabus

Introduction
About Me
Agenda
What is ATA
How it works
Lab Configuration
Threat Detection
User Hunting
SPN Scanning
Evading ATA with PowerView
Brute Force
EType
AES Keys
Overpass-the-Hash Detection
Fake Events
Golden Ticket Attack
Golden Ticket Downgrade
Lifetime Based Detection
Constrained Delegation
Not Detected
No Use
No Detection
Kerberos
SQL Servers
Interactions
SPN Scanning
LDAP IPSec ESB
Attacking Microsoft ATA
MongoDB
Change Alert Identity
Set Alert Visibility
Defenses
Avoiding ATA
Limitations
ATA Team
Summary
Conclusion

Taught by

Black Hat
