October 25-28, 2017!! We’re going to have so much fun! Hopefully you can join us!
Back To Schedule
Saturday, October 28 • 11:30 - 12:15
Red Team Techniques for Evading, Bypassing, and Disabling MS Advanced Threat Protection and Advanced Threat Analytics

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

"Windows Defender Advanced Threat Protection is now available for all Blue Teams to utilize within Windows 10 Enterprise and Server 2012/16, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, Red Teamers will soon face a significantly more challenging time maintaining stealth while performing internal recon, lateral movement, and privilege escalation in Windows 10/Active Directory environments.


This talk highlights challenges to red teams posed by Microsoft's new tools based on common hacking tools/techniques, and covers techniques which can be used to bypass, disable, or avoid high severity alerts within Windows Defender ATP and Microsoft ATA, as well as TTP used against mature organizations that may have additional controls in place such as Event Log Forwarding and Sysmon."

avatar for Chris Thompson

Chris Thompson

Red Team Ops Lead, IBM X-Force Red
Chris is Red Team Operations Lead at IBM X-Force Red. He has extensive experience performing penetration testing and red teaming for clients in a wide variety of industries. He's led red teaming operations against defense contractors and some of North America’s largest banks.  He's... Read More →

Saturday October 28, 2017 11:30 - 12:15 MDT
Pinecrest B