Skip to content

Instantly share code, notes, and snippets.

@henrychoi7

henrychoi7/gist:3bd8d6cbedc894d599d978e15cac87c2

Forked from silence-is-best/gist:435ddb388f872b1a2e332b6239e9150b
Created September 30, 2020 15:50
Show Gist options
  • Save henrychoi7/3bd8d6cbedc894d599d978e15cac87c2 to your computer and use it in GitHub Desktop.
Save henrychoi7/3bd8d6cbedc894d599d978e15cac87c2 to your computer and use it in GitHub Desktop.
Download ZIP
Mimikatz CVE-2020-1472 Zerologon snort suricata
Raw
gistfile1.txt
alert tcp any any -> any ![139,445] (msg:"Possible Mimikatz Zerologon Attempt"; flow:established,to_server; content:"|00|"; offset:2; content:"|0f 00|"; distance:22; within:2; fast_pattern; content:"|00 00 00 00 00 00 00 00 ff ff 2f 21|"; within:90; reference:url,https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20200916; classtype:attempted-admin; sid:20166330; rev:2; metadata:created_at 2020_09_19;)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment