security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added reference to Kerberos RC4 rule

Browse Source
This commit is contained in:
Thomas Patzke
2018-03-25 23:18:22 +02:00
parent dacc6ae3d3
commit f68af2a5da
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/win_susp_rc4_kerberos.yml
+2 -1
View File
@@ -2,7 +2,8 @@ title: Suspicious Kerberos RC4 Ticket Encryption
status: experimental
references:
- https://adsecurity.org/?p=3458
description: Detects logons using RC4 encryption type
- https://www.trimarcsecurity.com/single-post/TrimarcResearch/Detecting-Kerberoasting-Activity
description: Detects service ticket requests using RC4 encryption type
logsource:
product: windows
service: security