home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-detecting-rdp-brute-force-attacks-skill-md
debuggingtools
detecting-rdp-brute-force-attacks
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.
maintainer
mukul975
Updated 4/6/2026
Stars
4240
Forks
464
quick start
Installation and usage
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.
Installation
$ install --globalskills.sh
Usage
Once installed, you can use this skill by running the following command in your terminal:
skills use detecting-rdp-brute-force-attacks