Evading Microsoft ATA for Active Directory Domination

Offered By: Black Hat via YouTube

Tags

Black Hat, Cybersecurity, Active Directory, LDAP, Threat Detection, Brute-Force Attacks, IPsec, PowerView

Course Description

Overview

Explore techniques for evading Microsoft Advanced Threat Analytics (ATA) in Active Directory environments in this Black Hat conference talk. Delve into ATA's functionality, threat detection capabilities, and lab configurations. Learn about user hunting, service principal scanning, and evasion methods using PowerView. Examine brute force attacks, golden ticket techniques, and constrained delegation vulnerabilities. Discover how to manipulate ATA's MongoDB, alter alert identities, and set visibility. Analyze ATA's limitations and discuss defensive strategies. Gain insights into avoiding detection and understanding the implications for Active Directory security.

Syllabus

Introduction
About Me
Agenda
What is ATA
How it works
Lab Configuration
Threat Detection
User Hunting
SPN Scanning
Evading ATA with PowerView
Brute Force
EType
AES Keys
Overpass-the-Hash Detection
Fake Events
Golden Ticket Attack
Golden Ticket Downgrade
Lifetime Based Detection
Constrained Delegation
Not Detected
No Use
No Detection
Kerberos
SQL Servers
Interactions
SPN Scanning
LDAP IPSec ESB
Attacking Microsoft ATA
MongoDB
Change Alert Identity
Set Alert Visibility
Defenses
Avoiding ATA
Limitations
ATA Team
Summary
Conclusion


Taught by

Black Hat
