Password Spraying

Password spraying is an attack that attempts to access a large number of accounts with a single or a few commonly used passwords, also known as the low-and-slow method.

Event IDs Audit Policies Value
4624

├ Category: Logon/Logoff

└─ Sub-category: Logon

Success

4625

├ Category: Logon/Logoff

└─ Sub-category: Logoff

Failure

4771

├ Category: Account Logon

└─ Sub-category: Kerberos Authentication Serviced

Failure

4776

├ Category: Account Logon

└─ Sub-category: Credential Validation

Success and Failure

 

  Requires Sysmon extension No

See also