TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint
Sourceptrules/open
Fileptopen-tools.rules
CreatedNovember 11, 2025
UpdatedFebruary 10, 2026
Classificationattempted-admin
alert tls any any -> any 636 (msg:"TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint"; flow:established, to_server ; ja3.hash; content:"a417a71ed5c13f099bb930ea68f6104e"; threshold:type limit, track by_src, seconds 300, count 1 ; reference:url, github.com/layer8secure/SilentHound ; reference:url, github.com/Pennyw0rth/NetExec ; reference:url, github.com/dirkjanm/ldapdomaindump ; reference:url, github.com/SpecterOps/BloodHound ; reference:url, github.com/franc-pentest/ldeep ; reference:url, rules.ptsecurity.com ; classtype:attempted-admin; sid:10014548; rev:1;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!