Zeek detection logic for CVE-2022-30216.
CVE-2022-30216

A Zeek package which raises notices for attempts and exploits of CVE-2022-30216, a technique used against Windows Server to force an NTLM authorization to an arbitrary server. An attacker can reuse the NTLM token to generate a client certificate, enabling them to request a Kerberos ticket that accesses the domain controller.

Installation

$ zkg install cve-2022-30