Further abusing the badPwdCount attribute

How to remediate the issue

Further abusing the badPwdCount attribute

At Fox-IT, we often do internal penetration tests for our customers. One of the attacks that we perform is password spraying. In a password spraying attack the attacker tries to authenticate as one of the user accounts that is found in Active Directory using a common password. These passwords vary from Summer2017 to Welcome01 and often yield a promising lead to continue towards the goal of becoming domain administrator.

The whole blog is available here.

Now at Fox-IT

Contact us

+31 (0) 15 284 79 99

fox@fox-it.com

Delft