Versions (2)
Version Details (Current)
Rev: 5 • Apr 23, 2024, 12:00 PM
🐾 - 🔔 Kerberos - Brute Force attack to Active Directory 🪟 - Password Cracking 🥷 - T1110.002
alert udp $HOME_NET 88 -> any any (msg:"🐾 - 🔔 Kerberos - Brute Force attack to Active Directory 🪟 - Password Cracking 🥷 - T1110.002"; flow:to_client, stateless; threshold:type threshold, track by_src, count 5, seconds 5; content:"|a0 03 02 01 05 a1 03 02 01|"; fast_pattern; content:"|6b 72 62 74 67 74|"; reference:url,https://attack.mitre.org/techniques/T1110/002/; reference:url,https://github.com/ropnop/kerbrute; metadata:created_at 2024_04_23, updated_at 2025_03_11, signature_severity Major, attack_target Server_Endpoint, affected_product Windows_Server_32_64_Bit, mitre_tactic_id TA0006, mitre_tactic_name Credential_Access, mitre_technique_id T1110_002, mitre_technique_name Brute_Force_Password_Cracking; sid:3301161; rev:5; classtype:attempted-recon;)
Apr 23, 2024, 12:00 PM
Mar 11, 2025, 12:00 PM
Apr 23, 2024, 11:00 PM
May 29, 2025, 11:12 PM
rules/PAW-PATRULES_LATERAL_MOVEMENT.rules