Detection Engineering
Detecting NTLM Relay Attacks
How to detect and defend against NTLM relay — coercion primitives, the CVE-2025-24054 case, ADCS ESC8 audit events, and the SMB/LDAP signing plus EPA that stop it.
1 article