Skip to main content

Evading Microsoft ATA > Another reason to use 2FA for Windows Admins

(0 comments)

Nikhil "SamratAshok" Mittal has a great series of posts on how to avoid detection by Microsoft's Advanced Threat Analytics (ATA).

We won't say that you shouldn't deploy ATA to monitor your network for suspicious behavior, especially if your licensing already is covered.  However, it does seem like an example of technology designed to protect something that you'd be better off not having at all: static admin credentials. As we proved in our last post on defeating pass-the-hash with two-factor authentication, tools like mimikatz will fail when using WiKID's native AD protocol for Admins.  ATA seems like a great tool, but Nikhil has shown that defense-in-depth is the key as always.

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom