MATA Centre Not Detecting Plain-Text Password Hack

    Question

  • Hi,

    I just tried to retrieve the password of a logged-on domain joined user. I used Mimikatz to retrieve the password in plain text. But ATA centre is not detecting this threat.

    Is there any problem in my configuration? Am I doing anything wrong?

    Please help! 

    Wednesday, October 14, 2015 5:59 AM

All replies

  • Hi Karanmeet,

    ATA will alert when it sees a clear text password of a sensitive account being used to authenticate to the domain controller sent over the network.

    HTH

    ATA Team


    Gershon Levitz [MSFT]

    Wednesday, October 14, 2015 1:46 PM
    Moderator
  • Microsoft Advanced Threat Analytics only monitors and processes traffic related to the Domain Controller.

    Doing an lsass.exe dump operation from a machine and decrypting it does not send any traffic to the domain controller and does not show any warning or suspicious activity.

    Best regards.


    Tuesday, June 12, 2018 1:15 PM