OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-WINDOWS Microsoft Windows NTLM relay attack attempt
This rule looks for DCE/RPC bind requests that are associated with NTLM hash relay attacks. For more information, please see the Microsoft security advisory.
This rule alerts when a Windows DCE/RPC request to bind to a specific Encrypting File System Remote Protocol (EFSR) interface is detected.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2021-36942 |
Loading description
|
Tactic: Lateral Movement
Technique: Exploitation of Remote Services
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org