CVE-2021-1675 osquery Script for Domain Controllers
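-- CVE-2021-1675 check for domain controllers.
-- Returns one row (Vulnerable = 'TRUE') only when the NTDS service is present
-- and the Spooler service is not disabled.
-- Returns no rows otherwise, because the outer WHERE keeps only cnt = 2.
SELECT CASE cnt
         WHEN 2 THEN 'TRUE'
         ELSE 'FALSE'
       END AS Vulnerable
FROM
  (SELECT COUNT(name) AS cnt
   FROM services
   WHERE name = 'NTDS'
      OR (name = 'Spooler' AND start_type <> 'DISABLED'))
WHERE cnt = 2;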