Evading Microsoft ATA for Active Directory Domination
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore techniques for evading Microsoft Advanced Threat Analytics (ATA) in Active Directory environments during this 50-minute conference talk from BruCON 0x09. Delve into ATA's defense mechanisms, including its ability to detect various attacks like Pass-the-Hash, Pass-the-Ticket, and Golden Ticket. Learn about potential vulnerabilities in ATA's design and discover how red teamers and penetration testers can modify their attack chains to bypass detection. Examine topics such as threat detection, user hunting, Kerberos ticket attacks, and MongoDB exploitation. Gain insights into defending and avoiding ATA, as well as understanding its limitations. Enhance your knowledge of Active Directory security and penetration testing methodologies in this comprehensive presentation.
Syllabus
Introduction
About Nikhil
What is ATA
Threat Detection
User Hunting
Further Attacks
Overpass detection
Golden Ticket decryption
Timebased detection
bypasses
Silver Ticket
Kerberos Ticket
Attacking ATA
MongoDB
MongoDB Console
Visibility
ATA still helps
Defending ATA
Avoiding ATA
Limitations
Conclusion
Taught by
BruCON Security Conference
Related Courses
Windows Server 2016 Security FeaturesMicrosoft via edX Detecting and Mitigating Cyber Threats and Attacks
University of Colorado System via Coursera Threat Detection: Planning for a Secure Enterprise
Microsoft via edX Microsoft Professional Capstone : Cybersecurity
Microsoft via edX Cyber Security Operations (Cisco CCNA)
The Open University via FutureLearn