home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-detecting-ntlm-relay-with-event-correlation-skill-md
debuggingtools
detecting-ntlm-relay-with-event-correlation
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for IP-to-hostname mismatches, identifying Responder/LLMNR poisoning artifacts, auditing SMB and LDAP signing enforcement across the domain, and detecting NTLM downgrade attacks from NTLMv2 to NTLMv1 using event log analysis.
maintainer
mukul975
अपडेट किया गया 4/6/2026
स्टार
4240
फोर्क
464
quick start
Installation and usage
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for IP-to-hostname mismatches, identifying Responder/LLMNR poisoning artifacts, auditing SMB and LDAP signing enforcement across the domain, and detecting NTLM downgrade attacks from NTLMv2 to NTLMv1 using event log analysis.
इंस्टॉलेशन
$ install --globalskills.sh
उपयोग
इंस्टॉल करने के बाद, आप टर्मिनल में यह कमांड चलाकर इस स्किल का उपयोग कर सकते हैं:
skills use detecting-ntlm-relay-with-event-correlation