Skip to main content

SX - AD - NTLM Relay NP01

This Playbook is part of the ActiveDirectoryHygiene Pack.#

This playbook is triggered by the discovery of an exposure allowing adversary initiate an NTLM attack. The exposure is a misconfiguration found in Active Directory by an auditing tool. The playbook takes the analyst through the steps that are required to remediate this Active Directory exposure and generates a help html file for further explanation of the risk identified and remediated.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • SX - AD - NTLM Relay Manual Mitigation


This playbook does not use any integrations.


  • SXCreateNTLMRelayHTMLPage
  • FileCreateAndUpload


This playbook does not use any commands.

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Setup Account