Forum Discussion
ATA Playbook Issues
Hi
I ran through the playbook today but I had a few issues.
Step 9: Powersploit appears to have a bug with Powershell 5.0 that mean the Get-NetLocalGroup cmdlet doesn't work (obviously not the ATA playbook authors fault, just putting it out there)
Step 10-12: ATA didn't alert me to the Overpass-The-Hash attack
Step 15-17: ATA didn't alert me to the PTT attack
Now I'll admit my lab isn't exactly as in the guide but surely ATA should offer the same protection
1 x Windows Server 2016 DC with lightweight gateway installed
2 x Windows 10 Enterprise 1511 machines representing admin-pc and victim-pc
Could missing the OPTH and PTT attacks be as the result of a misconfiguration? Everything else got picked up as expected.
I think this guide is great btw, just a couple of issues 🙂
1 Reply
- DaniMartMS
Microsoft
We`re glad you liked the Playbook, and thanks for shouting out, Robert. I`m sure Ophir Polotsky, Hadi Inja, Michael Dubinsky, Benny Lakunishok, and Ryan Heffernan will be most interested in this feedback.
