Skip to content

Hide Navigation Hide TOC

NTLMv1 Logon Between Client and Server (e9d4ab66-a532-4ef7-a502-66a9e4a34f5d)

Detects the reporting of NTLMv1 being used between a client and server. NTLMv1 is insecure as the underlying encryption algorithms can be brute-forced by modern hardware.

Cluster A Galaxy A Cluster B Galaxy B Level
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern NTLMv1 Logon Between Client and Server (e9d4ab66-a532-4ef7-a502-66a9e4a34f5d) Sigma-Rules 1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2