Hacker Bypasses Microsoft ATA for Admin Access

Discussion in '0-day Release' started by RGiskardR, Jun 19, 2017.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    Hacker Bypasses Microsoft ATA for Admin Access

    Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.
    Microsoft's Advanced Threat Analytics (ATA) platform for detecting cyberattacks can be evaded by attackers to achieve organizational control, a security researcher has discovered.

    ATA works by reading information from multiple sources: Windows Event Logs, SIEM events, and certain protocols to the Domain Controller. When communication to the Domain Controller is done using protocols like Kerberos, NTLM, RPC, DNS, LDAP, etc., ATA parses the traffic to gather data about possible attacks and user behavior. ATA can detect known attacks like pass-the-hash, pass-the-ticket, Directory Services replication, brute-force, and skeleton key, for example.

    But Nikhil Mittal, hacker for the Pentester Academy, found a way to bypass ATA and gain administrative access, which he will detail next month at Black Hat USA in Las Vegas in his session there, "Evading Microsoft ATA for Active Directory Domination."

    Full source: https://www.darkreading.com/attacks...microsoft-ata-for-admin-access/d/d-id/1329163
     