RelayInformer
Python and BOF utilities to determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
Install / Use
/learn @zyn3rgy/RelayInformer
Introduction
These tools were written to complement research summarized in a blog post / presentation by @Tw1sm and myself.
NTLM relay is still a widely abused attack vector during pentests and red teams alike. Depending on your network access perspective, setting up for a relay can be an involved and error-prone process (e.g. over C2). The goal of this toolset is to better inform your NTLM relays, especially in cases where Extended Protection for Authentication (EPA) could be enforced as a mitigation.
Usage
See the RelayInformer [Python] and RelayInformer [BOFs] documentation for details and example usage.
Acknowledgements
- Alex Demine - initial effort in MSSQL EPA research
- @Defte_ - “A journey implementation Channel Binding on MSSQLClient.py”
- @lowercase_drm - early open-source implementation of LDAP channel binding in LDAP3 library
- Pierre Milioni & Geoffrey Bertoli - "A study on Windows HTTP Authentication (Part II)"
- Adam Crosser - "Relaying to ADFS Attacks"
- Open-source developers contributing to libraries such as Impacket, msldap, LdapSignCheck, and many more
