Attack Simulator for Office 365 Threat Intelligence – Brute Force Password Attack

Pirate,

A Brute Force Attack is the simplest method to gain access to a site or server. It is an automated, trial-and-error method of generating multiple password guesses from a dictionary file against a user’s password. Automated software is used to generate a large number of consecutive guesses as to the value of the desired data. An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack;” success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.

This is the third part of the Attack Simulator for Office 365 Threat Intelligence series:

Brute-force attack when an attacker uses a set of predefined values to attack a target and analyze the response until he succeeds. Success depends on the set of predefined values. If it is larger, it will take more time, but there is better probability of success. The most common and easiest to understand example of the brute-force attack is the dictionary attack to crack the password. In this, attacker uses a password dictionary that contains millions of words that can be used as a password. Then the attacker tries these passwords one by one for authentication. If this dictionary contains the correct password, attacker will succeed.

In traditional brute-force attack, attacker just tries the combination of letters and numbers to generate password sequentially. However, this traditional technique will take longer when the password is long enough. These attacks can take several minutes to several hours or several years depending on the system used and length of password.

Give the attack a random name.

…select the user on which you want to affect the attack

Now you can enter the passwords that you want to proof or you can add a password dictionary list. You can find password lists everywhere in the internet. For demo’s I often take the lists from this github repository.

If you then launch the attack you can see the status of it in the simulate attacks overview.

If you click into the attack details you will find the users that got compromised by any of the parameters.

Check out the last part of the series which is: the password spray attack.

Have fun!

*Cpt

References:

Attack Simulator in Office 365

Submit a comment on “Attack Simulator for Office 365 Threat Intelligence – Brute Force Password Attack” Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.