ATTACK AD [PTsecurity] DCShadow Replication Attempt - DRSUAPI_REPLICA_ADD

SID: 10002570Rev: 11 views
Sourceptresearch/attackdetection
CreatedMarch 30, 2022
UpdatedMarch 30, 2022
Classificationattempted-admin
alert dcerpc any any -> $HOME_NET any (msg:"ATTACK AD [PTsecurity] DCShadow Replication Attempt - DRSUAPI_REPLICA_ADD"; flow:established; dce_iface:e3514235-4b06-11d1-ab04-00c04fc2dcd2; dce_opnum:5; reference:url, blog.alsid.eu/dcshadow-explained-4510f52fc19d; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002570; rev:1;)

References

urlblog.alsid.eu/dcshadow-explained-4510f52fc19d
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!