User Profile

af-00001

Brass Contributor

Joined Jan 23, 2019

5 Posts9 LikesLikes received

View All Badges

User Widgets

Recent Discussions

Re: Running a powershell script through a live response session
Thank you! That solved it for me as well. signing cert needs to be imported directly into trusted publishers.
Mar 14, 2022 Place Microsoft Defender XDR
14KViews
0likes
0Comments
Re: Running a powershell script through a live response session
TheDilly Thanks ill check that. However the signing cert I have used if a fully correct suburbanite CA from the domain PKI. So should already be fully trusted on all machines in the domain
Mar 10, 2022 Place Microsoft Defender XDR
14KViews
0likes
2Comments
Re: Running a powershell script through a live response session
I'm facing exactly the same issue, and yet to find the solution. signed script works perfectly when run locally, however running the same script on the same machine via live response. fails with the same error - "AuthorizationManager check failed"
Mar 04, 2022 Place Microsoft Defender XDR
15KViews
0likes
7Comments
What is going on with ATA?
Hi ATA team, Don't get me wrong I still see the value in ATA, but the value I see it in it is diminishing day by day. There are number of things which are really starting to concern me with this product. No updates for almost a year, possibly longer (I cant find the date 1.9 was released, and 1.9.1 I don't think added any new features) Completely failed during red team exercise (Missed both enumeration and lateral movement), despite feeding back the problems, nothing came from it. So at the point it should deliver value, it provided zero. Which makes me question why do we pay for it? Large known gaps in detections, like zero detection for any enumeration via ldap. Given tools like bloodhound do all their work over ldap this is not good. The integration with 3rd Party SIEMs is basic at best. Alerts via feeds to SIEMs are not stand-alone (ie contain all the information you need), forcing you back to the portal, this simply does work when your SOC is provided by an MSP with lots of clients. If I cant integrate it with our SOC well, I don't get the value from the product I should. I have had support tickets open for over a year, for agents not starting. To the point we have just given up trying to get the agent to run on some of our domain controllers. I have tired reaching out to the product team multiple times with issues, but nothing ever seems to get resolved. It appears to me that all resource goes towards AzureATP, leaving us ATA customers getting the short end of the stick. So what is going on with ATA? Regards James
Jan 23, 2019 Place Microsoft Defender for Identity
2.3KViews
0likes
7Comments

Recent Blog Articles

No content to show