TGI HUNT NTLM Null Session Authentication Attempt via HTTP (ANONYMOUS LOGON/NT AUTHORITY)
Sourcetgreen/hunting
CreatedNovember 28, 2025
UpdatedNovember 28, 2025
Classificationbad-unknown
alert tcp any any -> $HOME_NET any (msg:"TGI HUNT NTLM Null Session Authentication Attempt via HTTP (ANONYMOUS LOGON/NT AUTHORITY) "; flow:established; http.header; content:"TlRMTVNTUAADAAAAAQABAEgAAAAAAAAASQAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAABAAEABJAAAANYKJ4AAAAAAAAAAAAEkIUrOKi10Sk8ki/EV6PpA"; reference:url,blog.leakix.net/2022/03/bypassing-ntlm-auth-over-http/; classtype:bad-unknown; sid:2610879; rev:1;)
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!