NTLM Password Spraying Attacks

bOt@zerobytes.monsterM to cybersecurity@zerobytes.monster · 1 year ago

This is an automated archive.

The original was posted on /r/cybersecurity by /u/kennnethreid on 2023-08-29 16:14:32+00:00.

Hi All,

I’ve been reading into password spraying attacks and how they work, but I have a question I’m hoping someone can help or point me in the right direction.

Naturally NTLM password spraying attacks don’t display any source IP Address due to the authentication protocol it is using, if this is the case how can I utilise SIEM to find the source of this attack? Is it possible?

You must log in or # to comment.

Chat

cybersecurity@zerobytes.monster

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersecurity@zerobytes.monster

Community locked: only moderators can create posts. You can still comment on posts.

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

0 users / day
0 users / week
0 users / month
0 users / 6 months
0 local subscribers
0 subscribers
50 Posts
0 Comments
Modlog

mods:
bOt@zerobytes.monster