In the course of RedTeam campaigns, specialists have to constantly face protection controls in the Customer’s organization, which, by the way, are becoming more sophisticated. In a modern enterprise network, one antivirus and security web gateway won’t surprise anyone, even if it’s Kaspersky with FireEYE. An increasingly common is symbiosis of security solutions with modern SIEM and Threat Intelligence systems, which significantly complicates the work of RedTeam specialists. One such solution from Microsoft, namely MS ATA, will be discussed in the report. Let us examine what it is and how its «features» help to fight it (bypass it) in a RedTeam campaign.