Techniques
Sample rules
NTLMv1 Logon Between Client and Server
- source: sigma
- techniques:
  - t1550
  - t1550.002
Description
Detects the reporting of NTLMv1 being used between a client and server. NTLMv1 is insecure as the underlying encryption algorithms can be brute-forced by modern hardware.
Detection logic
condition: selection
selection:
  EventID:
    - 6038
    - 6039
  Provider_Name: LsaSrv
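The selection above evaluated over a handful of events, as an added example that is not part of the Sigma rule or its project. It assumes events are already parsed into dictionaries using the rule's field names; the `Computer` field, the host names and the sample events are constructed for illustration.

```python
from collections import Counter

# Selection copied from the rule's detection logic; the condition is just "selection".
SELECTION = {"EventID": [6038, 6039], "Provider_Name": "LsaSrv"}

def _eq(expected, actual):
    # Sigma compares plain strings case-insensitively; exported events often
    # carry EventID as a string, so compare normalised text forms.
    return str(expected).strip().lower() == str(actual).strip().lower()

def matches(event, selection=SELECTION):
    """True when every field matches (AND) any of its listed values (OR)."""
    for field, expected in selection.items():
        if field not in event:
            return False  # a missing field can never satisfy the selection
        values = expected if isinstance(expected, list) else [expected]
        if not any(_eq(v, event[field]) for v in values):
            return False
    return True

def hosts_reporting_ntlmv1(events):
    """Count matching events per reporting host (assumed 'Computer' field)."""
    return Counter(e.get("Computer", "unknown") for e in events if matches(e))

# Constructed sample events (hypothetical hosts), not real log data.
SAMPLE_EVENTS = [
    {"EventID": 6038, "Provider_Name": "LsaSrv", "Computer": "fs01.example.test"},
    {"EventID": "6039", "Provider_Name": "lsasrv", "Computer": "fs01.example.test"},
    {"EventID": 6038, "Provider_Name": "Service Control Manager", "Computer": "app02.example.test"},
    {"EventID": 7036, "Provider_Name": "LsaSrv", "Computer": "app02.example.test"},
    {"EventID": 6038, "Computer": "dc03.example.test"},
]

if __name__ == "__main__":
    for host, count in hosts_reporting_ntlmv1(SAMPLE_EVENTS).items():
        print(f"{host}: {count} NTLMv1 report(s)")
```

Grouping hits by reporting host gives a list of servers that still accept NTLMv1, which is the starting point for finding the clients to reconfigure.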