Versions (6)
Version DetailsCurrent
Rev: 6 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708
alert tcp any any -> any !443 (msg:"ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708"; flow:established, from_server; app-layer-protocol:!tls; stream_size:client, <, 3500; stream_size:server, <, 3000; content:"|17 03 01 01 d0|"; depth:5; flowbits:isset, BlueKeep.pkt12; flowbits:set, BlueKeep.pkt13; reference:cve, 2019-0708; reference:url, github.com/Ekultek/BlueKeep; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10004867; rev:6;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules