2017-01-25

Cyber attackers have many tools available to them to infiltrate an enterprise network, find that sensitive piece of data they’re looking for, and exfiltrate it from your enterprise. In conversations with customers, I’ve found that some are familiar with these tools; however, many aren’t, or they are not fully aware of how powerful these tools are. My aim with this blog post is to help level the playing field, and help the good guys understand what attack tools the adversaries are using. More importantly, I want to explain how you can detect the use of those tools on your network with Microsoft’s Advanced Threat Analytics (ATA).

ATA is an on-premises product that detects advanced persistent threats by focusing on the post-infiltration phase of an intrusion. Tools that are designed to protect your perimeter—including firewalls, antivirus software, and intrusion prevention/detection services—all focus on the initial moment of infiltration. But they’re of little assistance once the adversary gets in, or if you’re battling an insider threat. This is where ATA can help.

The tools of the attacker trade – research

With an assumed-breach mindset, we assume the attacker has already breached the perimeter and is on the network. Unfortunately, this is when the adversary goes dark to the defender, because the attacker has already evaded the network defenses as well as antivirus. However, the adversary is anything but inactive. Once the attacker has compromised a host, they’ll start the internal reconnaissance phase by mining any accessible DNS servers or domain controllers, for example, by using the built-in nslookup tool.
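One way a defender can surface this kind of DNS enumeration in their own DNS server logs, as an added example that is not from the original post and does not reproduce ATA's own detection logic (the log format, hosts, thresholds and the authorised-secondary list are constructed assumptions):

```python
"""Flag DNS reconnaissance patterns in a constructed DNS query log.

Two heuristics a defender can run over DNS server logs: (1) a zone-transfer
(AXFR) request from a host that is not an authorised secondary DNS server, and
(2) one client issuing many distinct reverse (PTR) lookups in a short window,
which is what scripted nslookup enumeration of a subnet looks like.
"""
from collections import defaultdict

# Constructed sample log lines: "<epoch> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
1485345600 10.0.0.5 AXFR corp.example.
1485345601 10.0.0.6 AXFR corp.example.
1485345602 10.0.0.50 A www.corp.example.
1485345603 10.0.0.50 PTR 9.0.0.10.in-addr.arpa.
1485345610 10.0.0.77 PTR 1.0.0.10.in-addr.arpa.
1485345611 10.0.0.77 PTR 2.0.0.10.in-addr.arpa.
1485345612 10.0.0.77 PTR 3.0.0.10.in-addr.arpa.
1485345613 10.0.0.77 PTR 4.0.0.10.in-addr.arpa.
1485345614 10.0.0.77 PTR 5.0.0.10.in-addr.arpa.
1485345615 10.0.0.77 PTR 6.0.0.10.in-addr.arpa.
"""

AUTHORISED_SECONDARIES = {"10.0.0.6"}  # constructed: hosts allowed to pull zones
PTR_THRESHOLD = 5      # distinct PTR names from one client before alerting
WINDOW_SECONDS = 60    # sliding window for the reverse-lookup heuristic


def parse(log_text):
    """Parse the constructed log format into (ts, client, qtype, qname) tuples."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, client, qtype, qname = line.split()
            events.append((int(ts), client, qtype.upper(), qname.lower()))
    return events


def detect_dns_recon(events, authorised=AUTHORISED_SECONDARIES,
                     threshold=PTR_THRESHOLD, window=WINDOW_SECONDS):
    """Return a list of (alert_type, client, detail) tuples."""
    alerts, alerted = [], set()
    ptr_seen = defaultdict(list)  # client -> [(ts, qname)] within the window
    for ts, client, qtype, qname in sorted(events):
        if qtype == "AXFR" and client not in authorised:
            alerts.append(("zone_transfer_attempt", client, qname))
        elif qtype == "PTR":
            recent = [(t, n) for t, n in ptr_seen[client] if ts - t <= window]
            recent.append((ts, qname))
            ptr_seen[client] = recent
            distinct = {n for _, n in recent}
            if len(distinct) >= threshold and client not in alerted:
                alerted.add(client)  # alert once per client per sweep
                alerts.append(("reverse_lookup_sweep", client, len(distinct)))
    return alerts
```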

Read the entire article here, Cyber Security Attackers Toolkit – What You Need to Know – Enterprise Mobility and Security Blog

via the fine folks at Microsoft.