Register to stream ATT&CKcon 2.0 October 29-30


Responder is an open source tool used for LLMNR, NBT-NS and MDNS poisoning, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. [1]

ID: S0174
Type: TOOL
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1171 LLMNR/NBT-NS Poisoning and Relay Responder is used to poison name services to gather hashes and credentials from systems within a local network. [1]
Enterprise T1040 Network Sniffing Responder captures hashes and credentials that are sent to the system after the name services have been poisoned. [1]

Groups That Use This Software

ID Name References
G0007 APT28 [2]