Versions (6)
Version DetailsCurrent
Rev: 5 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708 (pkt #2)
alert tcp any any -> any !443 (msg: "ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708 (pkt #2)"; flow: established, to_server; app-layer-protocol: !tls; content: "|17 03 01 00 20|"; depth: 5; content: "|17 03 01 00 30|"; distance: 32; within: 5; fast_pattern; flowbits: isset, BlueKeep.pkt1; flowbits: set, BlueKeep.pkt2; flowbits: noalert; reference: cve, 2019-0708; reference: url, github.com/Ekultek/BlueKeep; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10004862; rev: 5;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules