Drop System EVTX CSV and Sysmon EVTX CSV · detect NetBIOS and LLMNR poisoning artifacts · identify name resolution anomalies used for credential capture · surface NBT-NS and LLMNR abuse patterns · runs locally
UDP 5355 LLMNR · UDP 137 NBT-NS · UDP 5353 mDNS · Event 1014 DNS failures · EnableMulticast protection
Drop System EVTX CSV · Sysmon Event 3 CSV · optional registry export
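
The correlation these inputs allow, as an added example that is not this tool's own code: each Event 1014 DNS failure in the System log is paired with Sysmon Event 3 UDP traffic to ports 5355, 137 or 5353 that follows shortly after, which marks the fallback queries a poisoner on the local segment could answer. The CSV column names, the 30-second window and the sample rows are assumptions constructed for illustration.

```python
import csv, io
from datetime import datetime, timedelta

# Fallback name-resolution ports named on this page
PORTS = {5355: "LLMNR", 137: "NBT-NS", 5353: "mDNS"}

# Constructed sample data; column names are assumptions about the CSV export,
# and both logs are assumed to use the same time zone.
SYSTEM_CSV = """TimeCreated,EventId,Message
2024-01-10 09:00:01,1014,Name resolution for the name fileshar timed out
2024-01-10 09:30:00,7036,Service entered the running state
"""
SYSMON_CSV = """UtcTime,EventId,Protocol,SourceIp,DestinationIp,DestinationPort
2024-01-10 09:00:02,3,udp,10.0.0.15,224.0.0.252,5355
2024-01-10 09:00:03,3,udp,10.0.0.15,10.0.0.255,137
2024-01-10 09:00:04,3,tcp,10.0.0.15,10.0.0.66,445
2024-01-10 11:00:00,3,udp,10.0.0.15,224.0.0.251,5353
"""

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def load(text, event_id):
    """Return only the rows carrying the given event ID."""
    return [r for r in csv.DictReader(io.StringIO(text)) if r["EventId"] == str(event_id)]

def correlate(system_csv, sysmon_csv, window_s=30):
    """Pair each Event 1014 with fallback queries seen within window_s seconds after it."""
    failures = load(system_csv, 1014)
    flows = [r for r in load(sysmon_csv, 3)
             if r["Protocol"].lower() == "udp" and int(r["DestinationPort"]) in PORTS]
    findings = []
    for f in failures:
        t0 = parse_time(f["TimeCreated"])
        for r in flows:
            dt = parse_time(r["UtcTime"]) - t0
            if timedelta(0) <= dt <= timedelta(seconds=window_s):
                findings.append({
                    "dns_failure": f["Message"],
                    "protocol": PORTS[int(r["DestinationPort"])],
                    "source": r["SourceIp"],
                    "destination": r["DestinationIp"],
                    "delay_s": int(dt.total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for hit in correlate(SYSTEM_CSV, SYSMON_CSV):
        print(hit)
```

Hosts that keep producing such pairs are the ones still resolving names over multicast or broadcast, so they are the first to check for the EnableMulticast policy value.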