TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint

SID: 10014551Rev: 12 views
History
Sourceptrules/open
CreatedNovember 11, 2025
UpdatedFebruary 10, 2026
Classificationattempted-admin
alert tls any any -> any 636 (msg:"TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint"; flow:established, to_server; ja3.hash; content:"3dc196313bfd9ef4507f1ab2f3a836e3"; threshold:type limit, track by_src, seconds 300, count 1; reference:url, github.com/fortra/impacket; reference:url, github.com/ly4k/Certipy; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10014551; rev:1;)

References

urlgithub.com/fortra/impacket
urlgithub.com/ly4k/Certipy
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!