First published on CloudBlogs on Feb 23, 2017
One of the biggest pieces of feedback the Advanced Threat Analytics (ATA) team has received is a request for a clear, easy way to simulate attacks and see how ATA detects them. So that’s exactly what we did. We’ve written a playbook that contains:
  1. A step-by-step guide to simulating different techniques used in real-world advanced attack scenarios.
  2. Walk-through of a full attack campaign, from initial reconnaissance all the way to Domain Dominance.
  3. Walk-through of ATA’s detection of suspicious activities.
Download the ATA Attack Simulation Playbook (http://aka.ms/ataplaybook). Note that not all the attacks that ATA can detect appear in the playbook. Some of ATA’s detections require a learning period. For simplicity, the playbook does not provide a method to simulate techniques that require a learning period. Let us know what you think, and suggest techniques for the next iteration of the playbook in our tech community (https://techcommunity.microsoft.com/t5/Microsoft-Advanced-Threat/bd-p/Microsoft-Advanced-Threat-Analytics).