ATTACK AD [PTsecurity] Krbrelayx Malicious DNS Resolve to Kerberos Relay
Sourceptrules/open
CreatedJune 24, 2025
UpdatedJune 24, 2025
Classificationattempted-admin
alert udp any any -> any 5355 (msg:"ATTACK AD [PTsecurity] Krbrelayx Malicious DNS Resolve to Kerberos Relay"; flow:to_server; content:"1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; nocase; content:"YBAAAA"; distance:0; nocase; reference:url, https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10012800; rev:2;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!