We now use XDR Pro. We recently had an internal pen test. XDR detected port scanning, etc., but it did not detect and prevent NBNS spoofing with Kali Responder. Some hashes were captured, but luckily they were not able to crack them. I ran Responder on the same LAN where I have a Windows 10 machine with XDR Pro. I rebooted Windows 10 and I was able to capture hashes with Kali Responder. I looked at the XDR logs, but I am having a hard time finding an IOC/BIOC for detecting Responder. Any thoughts on this? Thanks.