A coworker and I are scanning our network for open shares as prep for a Disaster Recovery Tabletop Exercise.
We're looking for fileshares with files that we could list as being encrypted by a Ransomware.
The participants will be presented with a scenario on how to resolve the problem.
Anyways, we're using a test domain account copied on a random enduser.
His workstation performing the scan is hitting hundreds of network devices' fileshares simultaneously.
I'm curious why ATA isn't seeing these mass authentication success/failures as a possible issue, especially the nmap/metasploit.
