Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Credential Access/ T1557.001

T1557.001Name Resolution Poisoning and SMB Relay

T1557.001 — Name Resolution Poisoning and SMB Relay is a MITRE ATT&CK technique in the Credential Access tactic. Clankerusecase tracks 6 detection use cases covering it and 1 threat-intel article citing it.

Credential AccessCollection
View on the matrix → Filter Detection Library MITRE official spec ↗
6Use cases
1Articles
0Sub-techniques
2Tactics
↑ Parent technique: T1557 · Adversary-in-the-Middle

Use cases covering this technique (6)

Windows Credential Target Information Structure in Commandline ESCU actions · alerting P Windows Kerberos Coercion via DNS ESCU actions · alerting P Windows Short Lived DNS Record ESCU actions · alerting P Windows Theme File Creation in Unusual Location ESCU actions · hunting P DNS Kerberos Coercion ESCU actions · alerting P [LLM] Outbound SMB 445 from PeopleSoft host — NetNTLM hash capture Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (1)

crit ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities art-37