Friday, December 22, 2017

Advanced Threat Analytics–Attack Simulation and Demo – Part1

Friday, December 22, 2017 2:00 AM  Blog-5  35 comments

Advanced Threat Analytics–Attack Simulation and Demo–Part2
Advanced Threat Analytics–Attack Simulation and Demo–Part3
Microsoft Advanced Threat Analytics (ATA) is an user and entity behavior analytics solution to identify and protect protect organizations from advanced targeted attacks (APTs).  You can read more information about Microsoft Advanced Threat Analytics (ATA) here.  The purpose of this blog is to provide a few methods which can be used to simulate and demonstrate some of the basic attacks for demo and testing purpose.
Suspicious Activity Simulation #1 – ATA Gateway Stopped Communicating 
We will start with the most obvious one! – ATA communication issue.   In this scenario, I am using ATA Light Weight Gateway(LWGW).  In this case Microsoft Advanced Threat Analytics Gateway (ATAGateway) service should be running on Domain Controllers. 
To simulate this scenario,
  1. Identify all Domain Controllers from the forest/domain. You can use the following DSQUERY command to get all DCs from the domain.  
    • DsQuery Server -Forest
  2. Stop the ATAGateway service remotely
    • Here are a few scripts -  Script1 or Script2 or Script3 – if you want to go a script based approach
    • Or we can use a simple SC command – SC \\Lab-DC01 stop ATAGateway
    • image
You will receive the following high alert – ATA Gateway Stopped Communicating – in Health Center. 
image
Suspicious Activity Simulation #2Honey Token Account Activities
In general, the Honey Token accounts are non-interactive accounts.  These accounts can be dummy accounts for detect malicious activities.
To simulate this scenario,
  1. Create two 2 user accounts in Active Directory (ATA-Test1 and ATA-Test2)
  2. Add ATA-Test2 to Domain Admins group
  3. Get the SID of ATA-Test1 and ATA-Test2 using PowerShell or DSQUERY command
    • dsquery * -filter (samaccountname=ata-test1) -attr objectsid (Reference)
    • Get-ADUser Ata-test1 -Properties objectSID (Reference)
  4. Add this SID as Honey token accounts (ATA Console –> Configuration –> Detection –> Honeytoken Account SIDs). Save the configuration. 
  5. image
  6. Establish an integrative logon session using these accounts. You can RDP into a machine use these accounts
Honey Token accounts (non-sensitive)
You will receive the following alert/email with recommended actions in the ATA console. 
image
Honey Token accounts (Sensitive)
Since ATA-Test2 account is a domain admin account, you will receive the same alert with "Sensitive (S )" indicating that this account is a high privileged account in Active Directory. 
image
Suspicious Activity Simulation #3 – Massive Object Deletion
Bulk object deletion can be a suspicious activity in an Active Directory environment.  ATA can alert alert you based on massive object deletion activities. 
To simulate this scenario,
  1. Create a few users in Active directory. Here is a sample PowerShell  script which you can use to create test accounts in Active Directory
Clear
Import-module activedirectory
$pass = ConvertTo-SecureString "MyPassword0!" –asplaintext –force
for ($i=0;$i -lt 100;$i++)
{
$accountname = "Test-Account$i"
Write-Host "Creating $accountname" -NoNewline
New-ADUser –SamAccountName $accountname –name $accountname -OtherAttributes @{'description'="ATA Test User Account"} -Path "OU=Test Accounts,OU=User Accounts,DC=labanddemo,DC=com"
Set-ADAccountPassword –identity $accountname –NewPassword $pass
Write-Host "...Done"
}
  1. Make sure ATA is "learned" about these account.
  2. image
  3. Delete these accounts from Active Directory 
You will receive the Massive Object Deletion alert in the ATA console right away as shown below. 
image
Suspicious Activity Simulation #4 - Reconnaissance using DNS
The DNS or name resolution information in a network would be  useful reconnaissance information. In general, DNS data contains a list of all the servers and workstations and the mapping to their IP addresses. Verifying this  information may provide attackers with a detailed view of the environment allowing attackers to focus their efforts on the relevant entities. 
For this simulation, the plan is to perform a DNS zone lookup using NSLOOKUP LS command. 
To simulate this scenario,
  1. Logon to a remote server. 
  2. Open Command Prompt and run NSLOOKUP command
  3. From the NSLOOKUP window, run LS command to list the DNS zone
image
You will receive the following Reconnaissance using DNS alert the ATA console. 
image
Advanced Threat Analytics–Attack Simulation and Demo–Part2
Advanced Threat Analytics–Attack Simulation and Demo–Part3

Posted in:

35 comments:

Hi Santhosh, Sanjay here. I just wanted to say that over the years you've been sharing helpful info and helping people learn more about AD, please keep up the good work. Last week I wrote a post titled A Few Notable Names in Active Directory, and you're on the list :-)

Alright then, keep up the good work Santhosh!


Best wishes, Sanjay

I think this should be the best replica watch I have ever bought.Best UK Swiss watches I share this website with my friends. They are very happy, the price is so cheap,Fake rolex Watches and I can buy such a good watch.

I am sure that on https://resume-chief.com/blog/teacher-resume you can learn a lot about teacher resume. It means a lot if you want to achieve success

I am really enjoying your site.It’s simple, yet effective, thank you for this article.Now I have to share some information about How To Fix “mcafee Antivirus” problem. If you have any problem rearding Mcafee so click on this site:mcafee antivirus nummer belgie

hi, your post is very helpful for me. Finally, I found exactly what i want. If need information regarding printers then you can visit our site Xerox Printer ondersteuning for help.

hi, Your post is very helpful for me, If you want to know more about antivirus then you can visit our site Canon Printer contacteren for help.


hi, Your post is very helpful for me,finally i got exactly what I want. If you want to know more about antivirus then you can visit our site Bitdefender belgie help.


Commenting as lilyloo180@gmail.com
Comment as:

hi, Your post is very helpful for me, finally i found exactly what i want , If you want to know more about antivirus then you can visit our site Kaspersky antivirus nummer for help.

Writing in style and getting good compliments on the article is hard enough, to be honest, but you did it so calmly and with such a great feeling and got the job done. This item is owned with style and I give it a nice compliment. Better!
Cyber Security Training in Bangalore

The effectiveness of IEEE Project Domains depends very much on the situation in which they are applied. In order to further improve IEEE Final Year

Project Domains practices we need to explicitly describe and utilise our knowledge about software domains of software engineering Final Year Project

Domains for CSE technologies. This paper suggests a modelling formalism for supporting systematic reuse of software engineering technologies

during planning of software projects and improvement programmes in Final Year Projects for CSE.



Software management seeks for decision support to identify technologies like JavaScript that meet best the goals and characteristics of a software

project or improvement programme. JavaScript Training in

Chennai Accessible experiences and repositories that effectively guide that technology selection are still lacking.



Aim of technology domain analysis is to describe the class of context situations (e.g., kinds of JavaScript software projects) in which a software

engineering technology JavaScript Training in Chennai can be applied successfully



The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing,

and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

This comment has been removed by the author.

writing these types of articles is very helpful to the people and this is the reason what makes people do visit a website frequently. muslim women gym Derby

I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.
Data Science Course in Chennai

We have made order weed online USA to be a very easy and simple process for everyone to Buy marijuana online. We have successfully shipped thousands of weed for sale online orders around the world using extreme stealth, regardless of your country or state’s laws to buy marijuana online from dispensaries shipping worldwide. We offer reliable payment methods and we safeguard your packages, and your privacy is our main priority. http://smokebestplug.com/

Order weed online USA
http://smokebestplug.com/
For more details contact us at:
Contact us on Text, WhatsApp or call
USA: +17202487228
EUROPE, UK: +31657792266
Email us: contact@smokebestplug.com

http://smokebestplug.com/product/order cannabis online The Best Cannabis Store for Mail Order Marijuana/
https://www.weeds-4all.com/
https://cannabisbudeurope.com/
http://smokebestplug.com/product/white-widow-2/
https://smokebestplug.com/product-category/indica/
https://smokebestplug.com/product-category/sativa/
online dispensaries that ship
best online dispensary USA shipping
online marijuana dispensary home delivery
buy cannabis edibles online nationwide
online weed delivery California
mail order marijuana edibles online
Colorado marijuana dispensaries that ship
buy weed online
marijuana dispensaries that ship nationwide
mail order marijuana edibles online
cannabis delivery near me
online marijuana delivery nationwide
online dispensary mail order cheap
marijuana dispensary that ships everywhere
mail order dispensaries in USA
online dispensaries that ship anywhere in USA
mail order marijuana edibles online
best online dispensary USA shipping
best online marijuana dispensary
Colorado dispensaries that ship
buy cannabis edibles online nationwide
online dispensaries that ship
marijuana dispensary that ships everywhere
mail order cannabis from Colorado
Colorado mail order marijuana stores
marijuana dispensaries that ship nationwide
can you order marijuana online?
Colorado marijuana dispensaries that ship
marijuana dispensary that ships everywhere
mail order marijuana edibles online
can you order medical marijuana online?
mail order marijuana united states
California wholesale cannabis prices
mail order marijuana edibles online
Colorado marijuana for sale online
Colorado marijuana dispensaries that ship
marijuana dispensaries that ship nationwide
marijuana for sale by mail order Colorado
marijuana online store free shipping
marijuana online shopping
buy cannabis by post uk
buy legal cannabis in uk
buy hash online Amsterdam
buy hash uk delivery
buy hash online USA
best websites to buy weed
buy cannabis online uk delivery
buy weed online uk
marijuana online store free shipping
buying marijuana edibles online legal
buy marijuana online USA cheap
best online marijuana store
order marijuana online from Colorado
buying marijuana online legal
real weed for sale online
online weed delivery
cheap marijuana online
cheap marijuana online sales
cheap marijuana seeds USA
buy legal weed online cheap
marijuana for sale online
best online marijuana store
cheap marijuana stocks
weed online cheap
cheap weed Canada
cheap weed dispensary
reddit cheapest weed online
cheap bud Canada
cheap weed ca
cheap buds ca
cheap bud
where to get weed wholesale
wholesale weed USA
cheap wholesale weed
wholesale weed products
wholesale marijuana for sale
buy wholesale weed online
wholesale marijuana
wholesale weed prices
buy medical cannabis online
can i buy cannabis online
cannabis online store
USA cannabis seeds shop
cannabis seeds sold in USA
best place to buy cannabis seeds online
is buying cannabis online legal
cannabis seeds for sale online
best marijuana seeds by mail
best cannabis seed company
best cannabis seed banks
best online seed store
best online cannabis seed store
most trusted cannabis seed banks
best seed bank uk


Are you wondering how you can get your project written by an expert? At GoAssignmentHelp.com it's the easiest thing in the world! We have the expert assignment writers due to which we can provide the best help for the accounting homework help to our customers. GoAssignmentHelp.com has experts who can work super-fast without missing any requirements or hampering the quality of assignments. Our professional assignment helpers are trained to complete superior quality Assignment help within challenging deadlines. Many companies will provide to do this, but there’s just one that you can trust completely – GoAssignmentHelp.com If you choose our company, we will cover all aspects so that you receive remarkable writing in the shortest time. We will share all the perks which you can enjoy from our statistics homework help, assignment writing help service. Pay less and enjoy our wide slew of academic services to hand over a perfect paper to your professors within your deadlines. It is so easy to get in touch with us and, through a real-time chat, phone number or an email and you can be sure all your queries will be solved.

Thank you for sharing the useful post. A reader got a lot of information from this post and utilized it in their research. I also provide independent support for the outlook email. So if you are facing issues with the outlook account then contact me for outlook customer service.
Also Read: Outlook not connecting to server | Outlook send receive error | outlook cannot connect to server | outlook not receiving emails.

Buy real passport online .. https://exclusivedocumentsnetwork.com/buy-real-passport-online/
buy counterfeit money online … https://exclusivedocumentsnetwork.com/buy-counterfeit-money-online/
buy genuine driving licence ...  https://exclusivedocumentsnetwork.com/buy-real-driver-license-online/
buy ssn online ... https://exclusivedocumentsnetwork.com/buy-social-security-card-online/
buy residence permit online ...  https://exclusivedocumentsnetwork.com/buy-residence-permit-online/
buy counterfeit money with credit card ....  https://exclusivedocumentsnetwork.com/buy-counterfeit-money-online/
buy ssn card ...  https://exclusivedocumentsnetwork.com/buy-social-security-card-online/
buy real driver license online ... https://exclusivedocumentsnetwork.com/buy-real-driver-license-online/
buy registered driving license ... https://exclusivedocumentsnetwork.com/buy-real-driver-license-online/
buy real documents online ...https://exclusivedocumentsnetwork.com/

If you want to progress in academic writing, you need to count every single step. Ensure to follow the right path and add essential qualities to your writing curve. Asking the Assignment Help of someone to write my assignment may sound instant solution but it can help you to boost your learning exposure. Write my assignment | Homework Help | Accounting Assignment Help

Are you unable to get Assignment help in UK? Don’t worry! We offer you the best quality assignment assistance. We have highly qualified writers who will provide you supreme quality help regarding your assignment.

Acadecraft leverages cutting-edge tools and technologies to enhance classroom learning. Here, the proficient and certified subject matter experts enhance classroom learning to provide interactive education. Clients receive high-quality video solutions for education. Also, the platform is the industry leader in educational content and quality solutions.
online language translation services
subtitle translation services

Students of Engineering and especially, Mechanical Engineering, have to continuously attend classes and seminars, submit assignments and homework. Be present for the practicals whenever needed, give tests and exams, and so very often intern or work part-time. With so many things to do, it is but natural to lose patience and feel that everything is unfair. Our experts at Help in Homework are here to help you grow academically and personally and feel lucky. They offer customized mechanical engineering assignment help at an absolute reduced cost so that you score as per your desire and be one of the top scorers of your class. Our experts will make certain that they remove all your hurdles effectively

Forget paying hundreds for paid guest posts backlinks based on organic traffic or domain authority alone. Great Guest Posts is the best and professional link-building Platform and fits with your pocket. Find a new path to reach your niche audience in moments by browsing through our extensive catalog of websites that accept guest posts!

If you feel you can afford an expert only when you have a good amount to spare, you are wrong. We at Help in Homework offer excellent and personalized If you feel you can afford an expert only when you have a good amount to spare, you are wrong. We at Help in Homework offer excellent and personalized Physics homework help at an unbelievably low cost. We are aware that many students are already working part-time to fund their education or to be independent; so we have a very affordable cost structure. Our experts are, however, top rankers of their academic institutes and have real experience of helping students with their assignments and homework. They will assiduously complete your homework on time and ensure that it is free from plagiarism so that you easily become one of the top rankers of your class too. at an unbelievably low cost. We are aware that many students are already working part-time to fund their education or to be independent; so we have a very affordable cost structure. Our experts are, however, top rankers of their academic institutes and have real experience of helping students with their assignments and homework. They will assiduously complete your homework on time and ensure that it is free from plagiarism so that you easily become one of the top rankers of your class too.

We at Help In Homework have selected the best and brilliant experts after a stringent process. Our experts have academic and professional credentials to match up any of your problems. They will provide you with personalized Essay Writing Services at a tremendously low price. Our experts have consistently helped students around the world with their specialized courses and subjects as they know it like the back of their hand. Our experts will complete your assignment within the deadline and help you score the perfect A grade. Trust our experts and be sure to win the hearts of your professor and classmates.

Website is very clear and easy to navigate through.custom donut boxes Clear descriptions of items available, easy check out and fast delivery.

Clenbuterol has become popular as a weight loss supplement. It has properties similar to those of salbutamol. Order now from official website of mediseller. This medicine available with the name clenbuterol 40mcg.

Buy Social Security Card ..... https://hightechsystemnetwork.com/buy-social-security-card/

embroidery digitizing services said...
wow, thanks for this informative article and this the very helpful for me and once again thankyou and keep it up and post others informative articles.

Nice post
"Searching for translation services in Brighton? Look no further than My Translation Services. Our team of language experts provides top-notch marketing translation, legal translation, and transcription services. With meticulous attention to detail, we deliver accurate and culturally appropriate translations to meet your specific requirements. Take your communication to the next level with My Translation Services."

It's such an excellent post! I really appreciate your efforts.
Assignmenthelper.my has revolutionized the educational landscape by offering the best homework helpers in Malaysia. With a user-friendly interface and intuitive features, students can easily access the assistance they require with just a few clicks. From math homework to English assignments, our platform ensures that students receive the support they need to excel.

Buy Driver License Online ..
https://hightechsystemnetwork.com/buy-driver-license-online/

German Red Mercury 20/20 258 N9: An Overview of Roteschemie
Since 1992, Roteschemie has been manufacturing / producing red mercury 20/20 258 99.9999999% (N9) and (N5), silver liquid mercury, and Caluanie Muelear oxidizers in Germany. Roteschemie is the oldest German manufacturer of red mercury, with 83 employees and sales of 9.5 billion euros in 2022. This article summarizes the company's services, products, and certifications. https://roteschemies.de/ Address: Seifgrundstraße 2, 61348 Bad Homburg vor der Höhe, Germany.
Company Background and Values
Roteschemie was founded with concern for the environment in mind. Initially, the company concentrated on recycling used mercury and other waste products containing liquid mercury. The goal was to recover raw mercury, clean it, and reintroduce it into the economy in its purest form as red and silver mercury.

Roteschemie now produces or manufactures 13 tons per week of red liquid mercury couple with precious metal concentrates from precious metal-containing waste and tailings. Furthermore, the company vacuums and immobilizes natural radioactive sludges and tailings containing red and silver mercury.

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More