ET EXPLOIT Possible Local Active Directory Federation Services (AD FS) Replication Attempt

SID: 2032884Rev: 12 views
History
Sourceet/open
CreatedApril 28, 2021
UpdatedApril 28, 2021
Classificationweb-application-attack
alert http $HOME_NET any -> $HOME_NET 80 (msg:"ET EXPLOIT Possible Local Active Directory Federation Services (AD FS) Replication Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/adfs/services/policystoretransfer"; startswith; fast_pattern; threshold:type limit,track by_src,count 1,seconds 600; reference:url,fireeye.com/blog/threat-research/2021/04/abusing-replication-stealing-adfs-secrets-over-the-network.html; classtype:web-application-attack; sid:2032884; rev:1; metadata:attack_target Server, created_at 2021_04_28, deployment Internal, confidence Medium, signature_severity Major, updated_at 2021_04_28;)

References

urlfireeye.com/blog/threat-research/2021/04/abusing-replication-stealing-adfs-secrets-over-the-network.html

Metadata

attack targetServer
created at2021_04_28
deploymentInternal
confidenceMedium
signature severityMajor
updated at2021_04_28

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!