Topic starter
16/05/2022 2:32 am
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM.
The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst’s findings, which of the following attacks is being executed?
- A. Credential harvesting
- B. Keylogger
- C. Brute-force
- D. Spraying
Suggested Answer: D
Explanation:
If a user tries to authenticate with a wrong password, the domain controller that handles the authentication request will increment an attribute called badPwdCount. As you can see in the image, the badPwdCount attribute for the user states that many passwords were used to try to log in without success. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords.
https://www.coalfire.com/the-coalfire-blog/march-2019/password-spraying-what-to-do-and-how-to-avoid-it
https://doubleoctopus.com/security-wiki/threats-and-tools/password-spraying/
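As an added example (not part of the original post or the exam material), the following Python shows how a detection rule can tell the answer choices "Spraying" and "Brute-force" apart from failed-logon records: spraying touches many accounts with few failures each, brute-force hammers one account. The record layout, addresses, account names and thresholds are assumptions constructed for illustration, not the events from the question.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed-logon records: (time, source address, target account).
_T0 = datetime(2022, 5, 16, 2, 0, 0)
SAMPLE_EVENTS = (
    # One source, eight different accounts, one failure each.
    [(_T0 + timedelta(seconds=20 * i), "10.0.0.50", f"user{i:02d}") for i in range(8)]
    # One source, one account, twelve failures in a minute.
    + [(_T0 + timedelta(seconds=5 * i), "10.0.0.77", "svc_backup") for i in range(12)]
    # A user mistyping a password twice.
    + [(_T0 + timedelta(minutes=i), "10.0.0.12", "jsmith") for i in range(2)]
)


def classify_failures(events, window=timedelta(minutes=30),
                      min_accounts=5, max_per_account=3, brute_threshold=10):
    """Label each source 'spraying', 'brute-force' or 'unclassified'.

    Thresholds are illustrative assumptions; tune them to the domain's
    lockout policy so that max_per_account sits below the lockout limit.
    """
    by_source = defaultdict(list)
    for when, source, account in events:
        by_source[source].append((when, account))

    verdicts = {}
    for source, rows in by_source.items():
        rows.sort()
        verdict, start = "unclassified", 0
        for end in range(len(rows)):
            # Slide the window so it covers at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_account = Counter(acct for _, acct in rows[start:end + 1])
            worst = max(per_account.values())
            if len(per_account) >= min_accounts and worst <= max_per_account:
                verdict = "spraying"      # wide and shallow
                break
            if worst >= brute_threshold:
                verdict = "brute-force"   # narrow and deep
                break
        verdicts[source] = verdict
    return verdicts


if __name__ == "__main__":
    for src, label in sorted(classify_failures(SAMPLE_EVENTS).items()):
        print(src, label)
```

Because a spray adds only a small increment to each account's badPwdCount, a per-account lockout threshold alone will not flag it; grouping failures by source, as above, is what exposes the pattern.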