home/categories/security/mukul975-anthropic-cybersecurity-skills-skills-hunting-for-ntlm-relay-attacks-skill-md
securitytesting-security
hunting-for-ntlm-relay-attacks
Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.
maintainer
mukul975
Updated 4/6/2026
Stars
4240
Forks
464
quick start
Installation and usage
Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.
Installation
$ install --globalskills.sh
Usage
Once installed, you can use this skill by running the following command in your terminal:
skills use hunting-for-ntlm-relay-attacks