ATTACK AD [PTsecurity] NTLM Reflection (CVE-2025-33073). Malicious Hostname in SMB request

SID: 10014026
Rev: 1
Source: ptrules/open
Created: June 24, 2025
Updated: June 24, 2025
Classification: attempted-admin
alert smb any any -> any any (msg:"ATTACK AD [PTsecurity] NTLM Reflection (CVE-2025-33073). Malicious Hostname in SMB request"; flow:established, to_server; content:"1|00|U|00|W|00|h|00|R|00|C|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A|00|A"; nocase; content:"Y|00|B|00|A|00|A|00|A|00|A"; distance:0; nocase; reference:cve, 2025-33073; reference:url, www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10014026; rev:1;)
