Password Spraying

Password spraying is an attack that attempts to access a large number of accounts with a single or a few commonly used passwords, also known as the low-and-slow method.

Event IDs	Audit Policies	Value
4624	├ Category: Logon/Logoff └─ Sub-category: Logon	Success
4625	├ Category: Logon/Logoff └─ Sub-category: Logoff	Failure
4771	├ Category: Account Logon └─ Sub-category: Kerberos Authentication Serviced	Failure
4776	├ Category: Account Logon └─ Sub-category: Credential Validation	Success and Failure
	Requires Sysmon extension	No

See also

• Credential Dumping: LSASS Memory

• DCShadow

• DCSync

• DNSAdmins

• Domain Backup Key Extraction

• Enumeration of Local Administrators

• GoldenTicket

• Kerberoasting

• Massive Computers Reconnaissance

• NTDS Extraction

• Password Guessing

• PetitPotam