ATTACK AD [PTsecurity] Possibly successful Coerce attack. Machine account NTLM Hash leak

SID: 10006670Rev: 222 views
History
Sourceptrules/open
CreatedJune 24, 2025
UpdatedJune 24, 2025
Classificationattempted-admin
alert smb any any -> any any (msg:"ATTACK AD [PTsecurity] Possibly successful Coerce attack. Machine account NTLM Hash leak"; flow:established, to_server; content:"NTLMSSP|00 03 00 00 00|"; byte_jump:4, 36, relative, little, post_offset -55; content:"|00 24 00|"; within:3; xbits:isset, CoercedAuth, track ip_src; reference:url, github.com/p0dalirius/windows-coerced-authentication-methods; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10006670; rev:2;)

References

urlgithub.com/p0dalirius/windows-coerced-authentication-methods
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!