SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Microsoft SharePoint WebControls AdRotator NTLM relay attempt
This rule looks for creation of an ASPX SharePoint site abusing AdRotator via a CopyIntoItems SOAP request.
This rule alerts on an NTLM relay attempt in Microsoft SharePoint WebControls System.Web.UI.WebControls.AdRotator.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Exploitation for Privilege Escalation
MITRE::ATT&CK Framework::Enterprise::Discovery::Account Discovery::Domain Account
None
No information provided
None