Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization.
What is password spraying?
Resources
Blog
External Testing
Keep up to date with the latest offensive security news, knowledge, and resources.
It’s tempting to re-use the same password for multiple online accounts. Many of us have done it (it’s OK; this is a safe space). Convenient as it seems, this action puts you at high risk to get hacked via credential stuffing.
Over the past years, we’ve urged companies to start using Multi-factor authentication (MFA) – and many have followed through. Unfortunately, we have a long way to go.
First, the good news. MFA protects by adding a layer of security using an out-of-band authentication step, making it harder for attackers to gain access to an organization. Not to mention, it keeps security...
This is the start of a series I'm calling Autored. My goal is to quickly stand up temporary systems I commonly use during an engagement. In this post I'll cover how to deploy an Empire server in AWS in less than 3 minutes from the command line.
