Hunting For Ntlm Relay Attacks

Other v1.0.0 · 1 month ago · 6 downloads
hunting for ntlm relay attacks

Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.

Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.
Download Skill

6 downloads

Original Source

View on GitHub

Related Skills

Product Self Knowledge
9 downloads
Carrier Relationship Management
11 downloads
Customs Trade Compliance
10 downloads