cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ATA Playbook Issues

Robert McArthur
Copper Contributor

‎Mar 30 2017 02:44 AM - last edited on ‎Nov 30 2021 09:02 AM by

‎Mar 30 2017 02:44 AM - last edited on ‎Nov 30 2021 09:02 AM by

ATA Playbook Issues

Hi
 
I ran through the playbook today but I had a few issues. 
 
Step 9: Powersploit appears to have a bug with Powershell 5.0 that mean the Get-NetLocalGroup cmdlet doesn't work (obviously not the ATA playbook authors fault, just putting it out there)
 
Step 10-12:  ATA didn't alert me to the Overpass-The-Hash attack
 
Step 15-17:  ATA didn't alert me to the PTT attack
 
Now I'll admit my lab isn't exactly as in the guide but surely ATA should offer the same protection
 
1 x Windows Server 2016 DC with lightweight gateway installed
2 x Windows 10 Enterprise 1511 machines representing admin-pc and victim-pc
 
Could missing the OPTH and PTT attacks be as the result of a misconfiguration?  Everything else got picked up as expected.
 
I think this guide is great btw, just a couple of issues :)

1,789 Views
1 Like
1 Reply
Reply
1 Reply
Daniel Martins

‎Apr 26 2017 04:17 PM - edited ‎May 19 2017 04:59 PM

‎Apr 26 2017 04:17 PM - edited ‎May 19 2017 04:59 PM

Re: ATA Playbook Issues

We`re glad you liked the Playbook, and thanks for shouting out, Robert. I`m sure @Ophir Polotsky@Hadi Inja, @Michael Dubinsky@Benny Lakunishok, and @Ryan Heffernan will be most interested in this feedback.

0 Likes
Reply