{"uuid": "e5268189-c3b5-4ef7-9490-1430d6087155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-17049", "type": "seen", "source": "https://t.me/suboxone_chatroom/133", "content": "Both Falcon ITDR modules provide visibility to \u201crogue credential\u201d or behavior anomalies:\n\u2022 Access from a forbidden country\n\u2022 Adding a user to a privileged group\n\u2022 Anomalous DCE/RPC\n\u2022 Bronze Bit (CVE-2020-17049)\n\u2022 Custom threat detection using policy rules\n\u2022 Excessive access (servers)\n\u2022 Excessive access (services)\n\u2022 Excessive access (workstations)\n\u2022 Hidden object detected\n\u2022 Identity verification denied\n\u2022 Identity verification timeout\n\u2022 Service account misuse\n\u2022 Suspicious VPN connections \u2014 unusual user geolocation\n\u2022 Unusual access to a server\n\u2022 Unusual access to a service\n\u2022 Unusual protocol implementation\n\u2022 Usage of IP with a bad reputation\n\u2022 Use of stale endpoint", "creation_timestamp": "2024-12-27T11:55:02.000000Z"}