Our goal is to find the easy passwords and identify what makes them easy to guess. You won't discover every password, but that's not the goal here. Discovering those key words through a password spray alone can take a long time, time we often don't have. Instead, grab a copy of your Active Directory database (the NTDS.dit file, together with the SYSTEM hive needed to decrypt it) and launch an offline attack against that, cracking the NT hashes rather than guessing against the live domain.

Users go to great lengths to create crappy password patterns, but those patterns vary wildly from company to company. As an example, in Tuscaloosa I'm sure the words 'bama' and 'tide' are used in a huge percentage of passwords. Knowing those terms in advance helps the red teamer a lot when conducting a password spray. As a blue teamer, we want to set up password filters that prevent the use of these key words.
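The two halves of that workflow, pulling the local key words out of a cracked password list and then blocking them at password-change time, as an added example that is not code from the original post. It assumes the input is the list of plaintexts your cracker recovered from the NTDS.dit hashes; the list here is constructed, and the leet-speak map and tokenizer are heuristics chosen for this example rather than anything the post prescribes.

```python
import re
from collections import Counter

# Common leet substitutions so "B@m@", "T1de" and "bama", "tide" count as the same base word.
# (Assumed mapping for this example; extend it to match what your cracked list shows.)
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o", "$": "s", "5": "s", "7": "t"})

# A run of letters, optionally with leet characters embedded between letters ("r0ll", "pa$$word")
# and an optional trailing "@" or "$" ("b@m@"). Trailing digits such as years are deliberately
# left out so "Bama2023" yields the base word "bama", not "bamaeoe".
TOKEN = re.compile(r"[a-z]+(?:[0-9@$]+[a-z]+)*[@$]?")


def base_words(password: str, min_len: int = 3) -> list[str]:
    """Split a password into its alphabetic base words, undoing leet-speak.

    'R0llT1de2023!' -> ['roll', 'tide']
    """
    # Split CamelCase first so "RollTide" yields two words instead of one.
    spaced = re.sub(r"(?<=[a-z])(?=[A-Z])", " ", password).lower()
    words = []
    for tok in TOKEN.findall(spaced):
        word = re.sub(r"[^a-z]", "", tok.translate(LEET))
        if len(word) >= min_len:
            words.append(word)
    return words


def normalize(password: str) -> str:
    """Leet-decoded, letters-only form used for substring matching ('rolltide99' -> 'rolltide')."""
    return "".join(base_words(password, min_len=1))


def common_keywords(cracked: list[str], min_count: int = 3) -> dict[str, int]:
    """Rank base words by how many cracked passwords contain them, as a word or a substring.

    Candidate words come from the tokenizer; each is then re-counted as a substring of the
    normalized passwords so that 'rolltide99' still counts toward 'tide'.
    """
    candidates = Counter(w for pw in cracked for w in set(base_words(pw)))
    normalized = [normalize(pw) for pw in cracked]
    ranked = {}
    for word in candidates:
        hits = sum(1 for n in normalized if word in n)
        if hits >= min_count:
            ranked[word] = hits
    return dict(sorted(ranked.items(), key=lambda kv: (-kv[1], kv[0])))


def violates_filter(candidate: str, banned: list[str]) -> list[str]:
    """Return the banned base words found in a proposed password after leet normalization.

    This is the check a password filter performs when a user tries to set a new password.
    """
    norm = normalize(candidate)
    return sorted(b for b in banned if b in norm)


# Constructed sample standing in for the plaintexts a cracker recovered from NTDS.dit hashes.
CRACKED = [
    "Bama2023!", "RollTide1", "Tide#2022", "bama!!", "B@m@2021",
    "Summer2023", "Password1", "Welcome1", "Tuscaloosa1",
    "CrimsonTide", "rolltide99", "Winter2022", "Bama2024",
]

if __name__ == "__main__":
    keywords = common_keywords(CRACKED)
    print("keywords to ban:", keywords)
    for proposal in ["R0llT1de!", "B@m@2025", "Correct-Horse-Battery"]:
        print(proposal, "->", violates_filter(proposal, list(keywords)) or "ok")
```

On the sample list this ranks 'bama' and 'tide' at four hits each and nothing else above the threshold; the same keyword list then feeds the spray (red team) or the banned-word check (blue team). In production the check itself lives in a password filter DLL registered on every domain controller, or in Entra ID Password Protection's custom banned password list, which applies its own lowercase and character-substitution normalization before matching; the point of normalizing here is that a ban on 'tide' is useless if 'T1de!' still passes.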