Evading Microsoft ATA for Active Directory Domination

Date: 05.03.2018. Author: CISO CLUB. Categories: Information security podcasts and videos

Microsoft Advanced Threat Analytics (ATA) is a defense platform that reads information from multiple sources, such as traffic for certain protocols to the Domain Controller, Windows Event Logs and SIEM events. The information collected is used to detect reconnaissance, credential replay, lateral movement, persistence attacks, etc. Well-known attacks such as Pass-the-Hash, Pass-the-Ticket, Overpass-the-Hash, Golden Ticket, directory services replication, brute force, Skeleton Key, etc. can be detected using ATA.

By Nikhil Mittal

Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#evading-microsoft-ata-for-active-directory-domination
