skills/mukul975/anthropic-cybersecurity-skills/detecting-ntlm-relay-with-event-correlation/Gen Agent Trust Hub
detecting-ntlm-relay-with-event-correlation
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides scripts and documentation for security auditing and threat hunting. The behavior of the included scripts matches the stated purpose of detecting NTLM relay attacks through log analysis and configuration checks.
- [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run() to execute reg query. This is used for local auditing of security-related registry keys such as SMB signing, NTLM compatibility levels, and LLMNR status to evaluate system vulnerability. This is standard behavior for security assessment tools.
- [EXTERNAL_DOWNLOADS]: The skill references reputable cybersecurity organizations and research blogs, including MITRE, Fox-IT, CrowdStrike, and NCC Group, for technical documentation and attack analysis. These are trusted information sources in the cybersecurity domain.