Remove From My Forums

ATA 2016 fails to live up to its promise...

Question
0

Sign in to vote
Hi,

We have been asked by our customer to share this information with the ATA/MS community:

We performed a large number of attacks to try test ATA's functionality, and unfortunately don't have anything good to say about ATA:

Illegal DNS zone transfer from DC: ATA logged this attempt
Mimikatz DCSync on DC: ATA noticed nothing
ms14068.exe attack on DC: ATA noticed nothing
Netsess.exe SMB enumeration of DC: ATA noticed nothing
PSexec of DC: ATA noticed nothing
LDAP simple bind/SPNEGO: ATA noticed nothing
Countless other 'hacks' from various MS and Unix environments

Tests were performed and repeated by different people using Domain Admin accounts, Domain User accounts, non-domain accounts, anonymous accounts, domain joined and not joined machines.

Unfortunately, after a lot of testing, ATA has proven itself to be pretty useless - and we feel that this particular customer will be removing ATA from its list of product/vendor candidates by the end of this week.

Annyeong.

PS.

Version:

ATA 2016 1.6 on Windows 2012 R2.
DC on Windows 2012.
- Edited by Shim Kwan Thursday, May 12, 2016 3:47 AM
Thursday, May 12, 2016 3:45 AM

Reply

|

Quote

All replies

0

Sign in to vote

Im not sure how your setup is done, but i just did a simple mimikatz:LSADUMP:DCsync test against my ATA system and it was detected with ATA 1.6, freshly installed 3 days ago.

All servers are 2012R2

Thursday, May 12, 2016 11:09 AM

Reply

|

Quote
0

Sign in to vote
I have also carried out most of the same tests and ATA has detected them within my environment as well.

I did have an issue when I first set it up and didn't read to not install wireshark on the gateways it didn't like that

All 2012R2 and I checked it against 1.5 and 1.6 as I tested again as I just upgraded
- Edited by dscotland Thursday, May 12, 2016 6:40 PM Forgot to put versions
Thursday, May 12, 2016 1:15 PM

Reply

|

Quote