This is a comprehensive NTLM relay attack playbook that covers the full chain from credential capture to privilege escalation. It walks through Responder poisoning, mitm6 IPv6 takeover, and ntlmrelayx configurations for SMB, LDAP, ADCS, and MSSQL targets. The signing requirement matrix is especially useful since it clarifies which protocols can be relayed where. Includes decision trees for choosing between RBCD, shadow credentials, and ESC8 certificate attacks, plus cross-protocol relay gotchas like SMB to LDAP constraints. Load this when you're doing internal pentests and need to escalate from network access to domain admin through authentication relay chains.
npx skills add https://github.com/yaklang/hack-skills --skill ntlm-relay-coercion