ATTACK [PTsecurity] MS Exchange 2010-2019 Possible privilege escalation (CVE-2018-8581)

SID: 10004420Rev: 10 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http any any -> any any (msg:"ATTACK [PTsecurity] MS Exchange 2010-2019 Possible privilege escalation (CVE-2018-8581)"; flow:established, to_server; content:"POST"; http_method; content:"SOAPAction"; http_header; content:"Authorization: NTLM"; http_header; content:"m:SendNotificationResponseMessage"; http_client_body; reference:url, dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/; reference:cve, 2018-8581; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-admin; sid:10004420; rev:1;)

References

url	dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
cve	2018-8581
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!