Password Guessing

A brute-force password guessing attack consists of an attacker submitting many passwords or pass phrases and hoping to guess correctly eventually. The attacker systematically checks all possible passwords and pass phrases until it finds the correct one.

Event IDs	Audit Policies	Value
4624	├ Category: Logon/Logoff └─ Sub-category: Logon	Success
4625	├ Category: Logon/Logoff └─ Sub-category: Logoff	Failure
4771	├ Category: Account Logon └─ Sub-category: Kerberos Authentication Serviced	Failure
4776	├ Category: Account Logon └─ Sub-category: Credential Validation	Success and Failure
	Requires Sysmon extension	No

See also

• Credential Dumping: LSASS Memory

• DCShadow

• DCSync

• DNSAdmins

• Domain Backup Key Extraction

• Enumeration of Local Administrators

• GoldenTicket

• Kerberoasting

• Massive Computers Reconnaissance

• NTDS Extraction

• Password Spraying

• PetitPotam