CPE
Windows Snipping Tool NTLMv2 Hash Hijack Vulnerability (CVE-2026-33829)
2 rules 1 TTP 1 CVEA local exploit has been published for Windows Snipping Tool (CVE-2026-33829), enabling NTLMv2 Hash Hijacking by forcing authentication to a remote SMB server via a crafted ms-screensketch:edit URI, potentially leading to credential theft and lateral movement.
Potential Privileged Escalation via SamAccountName Spoofing (CVE-2021-42278)
2 rules 1 TTP 1 CVEThis rule detects potential privilege escalation attempts by exploiting CVE-2021-42278, which involves spoofing the samAccountName attribute to impersonate a domain controller and elevate privileges from a standard domain user to a domain administrator by identifying suspicious computer account name rename events where a machine account name is renamed to a user-like account name.
Potential Privilege Escalation via InstallerFileTakeOver (CVE-2021-41379)
2 rules 1 TTP 1 CVEThis rule detects potential exploitation of the InstallerTakeOver vulnerability (CVE-2021-41379), where successful exploitation allows an unprivileged user to escalate privileges to SYSTEM.