Versions (4)
Version Details: Current
Rev: 1 • Jun 24, 2025, 4:00 PM
ATTACK AD [PTsecurity] NTLM Reflection (CVE-2025-33073). Malicious Hostname in SMB request
alert smb any any -> any any (msg:"ATTACK AD [PTsecurity] NTLM Reflection (CVE-2025-33073). Malicious Hostname in SMB request"; flow:established, to_server; content:"1|00|U|00|W|00|h|00|R|00|C|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A"; nocase; content:"Y|00|B|00|A|00|A|00|A|00|A"; distance:0; nocase; reference:cve, 2025-33073; reference:url, www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10014026; rev:1;)
Jun 24, 2025, 4:00 PM
Jun 24, 2025, 4:00 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-windows.rules