Tag

Pass-the-Hash

1 brief RSS

Detecting Potential PowerShell Pass-the-Hash/Relay Scripts

This rule detects PowerShell scripts associated with NTLM relay or pass-the-hash tooling and SMB/NTLM negotiation artifacts, indicating potential credential access and lateral movement attempts by attackers.

Windows credential-access pass-the-hash ntlm-relay powershell

2r 2t Jul 3, 2024