Re: [Emerging-Sigs] DCSYNC rule

[James Lay via Snort-sigs <snort-sigs () lists snort org>]

On 2020-02-28 08:48, Kevin Ross wrote:
> Try taking a look at these for lateral stuff and modifying
> https://github.com/MrAnde7son/Snort/blob/master/local rules. Zeeks
> bzar mitre plugin might work too for lateral movement stuff.
>
> On Fri, 28 Feb 2020, 15:36 James Lay, <jlay () slave-tothe-box net>
> wrote:
>
> > Anyone know if this was updated?
> https://blog.didierstevens.com/2017/10/08/quickpost-mimikatz-dcsync-detection/
> > IN a recent engagement I did not see this hit.  Thank you!
> >
> > James
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs () lists emergingthreats net
> > https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> >
> > Support Emerging Threats! Subscribe to Emerging Threats Pro
> > http://www.emergingthreats.net

Thanks Kevin!

James
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" 
https://snort.org/downloads/#rule-downloads";>emerging threats</a>!