{"uuid": "0dade34e-d979-4d5a-b958-e0144cf00b49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17049", "type": "exploited", "source": "https://t.me/suboxone_chatroom/132", "content": "Both Falcon identity protection modules provide Active Directory attack detections:\n\u2022 Account enumeration reconnaissance (BloodHound, Kerberoasting)\n\u2022 Bronze Bit (CVE-2020-17049)\n\u2022 Brute force attacks (LDAP simple bind, NTLM, Kerberos)\n\u2022 Credential scanning (on-premises)\n\u2022 Cloud-based (Azure AD) brute-force/credentials scanning\n\u2022 DCSync \u2014 Active Directory replication\n\u2022 DCShadow\n\u2022 Forged PAC for privilege escalation (Bulletin MS-14-068)\n\u2022 Golden Ticket\n\u2022 Hidden object detected\n\u2022 NTLM Relay Attack (including MS Exchange)\n\u2022 Overpass-the-Hash (Multiple methods - Mimikatz, CrackMapExec)\n\u2022 Pass-the-Hash (Impacket, CrackMapExec, Metasploit)\n\u2022 Pass-the-Ticket\n\u2022 Possible exploitation attempt (CredSSP) CVE-2018-0886\n\u2022 Remote execution attempts\n\u2022 Skeleton Key and Mimikatz Skeleton Key\n\u2022 Suspected NTLM authentication tampering (CVE-2019-1040)\n\u2022 ZeroLogin (CVE-2020-1472)", "creation_timestamp": "2024-12-27T11:55:02.000000Z"}