Brute-Force Attack Detection

critical

Description

Attackers can brute-force or spray passwords to discover new accounts they can take over, enabling them to extend their control over the AD infrastructure.

Solution

A detected brute-force attack can mean that an attacker is currently active on the network. As soon as the attack is detected, its origin needs to be investigated and the attack stopped efficiently.

Indicator Details

Name: Brute-Force Attack Detection

Codename: C-BAD-PASSWORD-COUNT

Severity: Critical

Attacker Known Tools

SecureAuthCorp: impacket

MIT: kinit