ATTACK [PTsecurity] PetitPotam (Machine account NTLM Hash leak) successful
Source: ptresearch/attackdetection
Created: July 23, 2021
Updated: July 23, 2021
Classification: attempted-admin
alert tcp any any -> any any (msg:"ATTACK [PTsecurity] PetitPotam (Machine account NTLM Hash leak) successful"; flow:established, to_server; content:"SMB"; content:"NTLMSSP|00 03 00 00 00|"; distance:0; byte_jump:4, 36, relative, little, post_offset -55; content:"|00 24 00|"; within:3; xbits:isset, PetitPotam.Attempt, track ip_src; reference:url, github.com/ptresearch/AttackDetection; reference:url, github.com/topotam/PetitPotam; metadata:Open Ptsecurity.com ruleset; metadata:created_at 2021_07_23, updated_at 2021_07_23; classtype:attempted-admin; sid:10006665; rev:2;)
Metadata
Open Ptsecurity.com ruleset