CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
ff2bbcc1b8c59bfa7989cd1510cf00eb048dd644
hayabusa/rules/kerberoast/as-rep-roasting.yml
T
Alan Smithee 99b640adaa Add rule of Kerberoasting and AS-REP Roasting #91 (#101) 
* Feature/call error message struct#66 (#69)

* change  way to use write trait #66

* change call error message struct #66

* erase finished TODO #66

* erase comment in error message format test #66

* resolve conflict #66

* Feature/call error message struct#66 (#71)

* change ERROR writeln struct #66

* add Kerberoasting & AS-REP Roasting Rule #91

* fix rule and add alias #91
2021-05-13 22:52:15 +09:00

19 lines
600 B
YAML
Raw Blame History

title: AS-REP Roasting
description: For each account found without preauthentication, an adversary may send an AS-REQ message without the encrypted timestamp and receive an AS-REP message with TGT data which may be encrypted with an insecure algorithm such as RC4.
enabled: true
author: Yea
logsource:
product: windows
detection:
selection:
Channel: Security
EventID: 4768
TicketEncryptionType: '0x17'
PreAuthType: 0
falsepositives:
- unknown
level: medium
output: 'Detected AS-REP Roasting Risk Actvity.'
creation_date: 2021/4/31
updated_date: 2021/4/31
Reference in New Issue View Git Blame Copy Permalink