Tag
high
advisory
Windows AD Domain Replication ACL Addition
2 rules 2 TTPsThis analytic detects the addition of permissions required for a DCSync attack, specifically DS-Replication-Get-Changes, DS-Replication-Get-Changes-All, and DS-Replication-Get-Changes-In-Filtered-Set, leveraging Windows Security Event Log 5136 to identify when these permissions are granted, which indicates potential preparation for replicating AD objects and exfiltrating sensitive data.
Active Directory +3
attack.persistence
attack.privilege_escalation
attack.t1484
windows
active-directory
2r
2t
high
advisory
PraisonAI Symlink Extraction Bypass Vulnerability
2 rules 2 TTPs 1 CVEPraisonAI versions 2.7.2 through 4.6.35 are vulnerable to an arbitrary file write due to improper validation of symlinks during archive extraction, affecting `recipe pull`, `recipe publish`, and `recipe unpack` flows.
PraisonAI
symlink
arbitrary file write
path traversal
attack.persistence
attack.privilege_escalation
2r
2t
1c