Detections
Analytics
Brute Force: Password Guessing (Windows)
Description
Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts. Without knowledge of the password for an account, an adversary may opt to systematically guess the password using a repetitive or iterative mechanism. An adversary may guess login credentials without prior knowledge of system or environment passwords during an operation by using a list of common passwords. Password guessing may or may not take into account the target's policies on password complexity or use policies that may lock accounts out after a number of failed attempts.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Active Directory | Authenticated AD user | LDAP/S(389/636) | Domain User | ||
| Tenable Identity Exposure | Password Sync | Active Directory | Privileged AD user | RPC (135 + high ports) | User Password | Plugin ID: 50-C-PASSWORD-HASHES-ANALYSIS:R-WEAK-USER-PASSWORD |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Credential Access
Technique: Brute Force
Sub-Technique: Password Guessing
Platform: Windows
Products Required: Tenable Identity Exposure
Tenable Release Date: 2022 Q3