
Evading Microsoft ATA for Active Directory Domination

Offered By: BruCON Security Conference via YouTube

Course Description

Overview

Explore techniques for evading Microsoft Advanced Threat Analytics (ATA) in Active Directory environments during this 50-minute conference talk from BruCON 0x09. Delve into ATA's defense mechanisms, including its ability to detect various attacks like Pass-the-Hash, Pass-the-Ticket, and Golden Ticket. Learn about potential vulnerabilities in ATA's design and discover how red teamers and penetration testers can modify their attack chains to bypass detection. Examine topics such as threat detection, user hunting, Kerberos ticket attacks, and MongoDB exploitation. Gain insights into defending and avoiding ATA, as well as understanding its limitations. Enhance your knowledge of Active Directory security and penetration testing methodologies in this comprehensive presentation.

Syllabus

Introduction
About Nikhil
What is ATA
Threat Detection
User Hunting
Further Attacks
Overpass detection
Golden Ticket decryption
Time-based detection
Bypasses
Silver Ticket
Kerberos Ticket
Attacking ATA
MongoDB
MongoDB Console
Visibility
ATA still helps
Defending ATA
Avoiding ATA
Limitations
Conclusion


Taught by

BruCON Security Conference
