Microsoft Advanced Threat Analytics (ATA) platform for detecting cyberattacks can be evaded by attackers to achieve organizational control, a security researcher has discovered. Nikhil Mattal, hacker for the Pentester Academy, found a way to bypass ATA and gain administrative access. ATA works by reading information from multiple sources: Windows Event Logs, SIEM events, and certain protocols to the Domain Controller. Microsoft is working to push an update before Black Hat USA in Las Vegas next month.”]
Source: https://www.darkreading.com/attacks-breaches/hacker-bypasses-microsoft-ata-for-admin-access