Evading Microsoft ATA for Active Directory Domination
Offered By: Black Hat via YouTube
Course Description
Overview
Explore techniques for evading Microsoft Advanced Threat Analytics (ATA) in Active Directory environments in this Black Hat conference talk. Delve into ATA's functionality, threat detection capabilities, and lab configurations. Learn about user hunting, service principal scanning, and evasion methods using PowerView. Examine brute force attacks, golden ticket techniques, and constrained delegation vulnerabilities. Discover how to manipulate ATA's MongoDB, alter alert identities, and set visibility. Analyze ATA's limitations and discuss defensive strategies. Gain insights into avoiding detection and understanding the implications for Active Directory security.
Syllabus
Introduction
About Me
Agenda
What is ATA
How it works
Lab Configuration
Threat Detection
User Hunting
SPN Scanning
Evading ATA with PowerView
Brute Force
EType
AES Keys
Overpass-the-Hash Detection
Fake Events
Golden Ticket Attack
Golden Ticket Downgrade
Lifetime Based Detection
Constrained Delegation
Not Detected
No Use
No Detection
Kerberos
SQL Servers
Interactions
SPN Scanning
LDAP IPSec ESB
Attacking Microsoft ATA
MongoDB
Change Alert Identity
Set Alert Visibility
Defenses
Avoiding ATA
Limitations
ATA Team
Summary
Conclusion
Taught by
Black Hat