CVE-2021-42287
2 Rules · 2 References · 1 Folders · Latest: 2023-04-14
Summary
CVE-2021-42287 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / security, windows / system.
Related Detections
Emerging Threat · medium · test
Potential CVE-2021-42287 Exploitation Attempt
The attacker creates a computer object using those permissions with a password known to her. After that she clears the attribute ServicePrincipalName on the computer object. Because she created the object (CREATOR OWNER), she gets granted additional permissions and can do many changes to the object.
Windows · system
TA0006 · Credential Access, T1558.003 · Kerberoasting, detection.emerging-threats, cve.2021-42287
François Hubaut · Wed Dec 15 2021
Emerging Threat · high · test
Suspicious Computer Account Name Change CVE-2021-42287
Detects the renaming of an existing computer account to an account name that doesn't contain a $ symbol, as seen in attacks against CVE-2021-42287
Windows · security
TA0004 · Privilege Escalation, TA0005 · Stealth, TA0003 · Persistence, T1036 · Masquerading, +3
Florian Roth (Nextron Systems) · Wed Dec 22 2021
References