TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint

SID: 10014548Rev: 13 viewsHistory

Sourceptrules/open

CreatedNovember 11, 2025

UpdatedFebruary 10, 2026

Classificationattempted-admin

alert tls any any -> any 636 (msg:"TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint"; flow:established, to_server; ja3.hash; content:"a417a71ed5c13f099bb930ea68f6104e"; threshold:type limit, track by_src, seconds 300, count 1; reference:url, github.com/layer8secure/SilentHound; reference:url, github.com/Pennyw0rth/NetExec; reference:url, github.com/dirkjanm/ldapdomaindump; reference:url, github.com/SpecterOps/BloodHound; reference:url, github.com/franc-pentest/ldeep; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10014548; rev:1;)

References

url	github.com/layer8secure/SilentHound
url	github.com/Pennyw0rth/NetExec
url	github.com/dirkjanm/ldapdomaindump
url	github.com/SpecterOps/BloodHound
url	github.com/franc-pentest/ldeep
url	rules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!