This brief details the detection of DNS-based Kerberos coercion attacks, where adversaries inject marshaled credential structures into DNS records to spoof SPNs and redirect authentication, as seen in CVE-2025-33073, using Suricata and Sysmon event ID 22.
PoC
Fortinet edge appliances +28
kerberos
coercion
dns
cve-2025-33073
3r
3t
5c
2i
updated