Versions (6)
Version DetailsCurrent
Rev: 8 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708 (pkt #12)
alert tcp any any -> any !443 (msg: "ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708 (pkt #12)"; flow: established, to_server; app-layer-protocol: !tls; content: "|17 03 01 00 20|"; depth: 5; content: "|17 03 01 01 80|"; distance: 32; within: 5; flowint: JoinReq, >=, 7; flowbits: set, BlueKeep.pkt12; flowbits: noalert; reference: cve, 2019-0708; reference: url, github.com/Ekultek/BlueKeep; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10004865; rev: 8;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules