Detections
Analytics

Detection of Password Weaknesses

high

Language:

Description

Multiple problems can arise with Active Directory account passwords, leading to a decrease in Active Directory security.

Solution

Good administrative practices for domain user passwords involve using strong and unique passwords, avoiding unchanged default values that relate to domain-authenticated accounts, and securely storing passwords with robust algorithms.

See Also

The 773 Million Record "Collection #1" Data Breach

The Default Password Threat

How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases

Indicator Details

Name: Detection of Password Weaknesses

Codename: C-PASSWORD-HASHES-ANALYSIS

Severity: High

MITRE ATT&CK Information:

Tactics: TA0004, TA0006, TA0001

Techniques: T1078

Attacker Known Tools

ropnop: Kerbrute - A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication

OpenWall: John the Ripper - A fast password cracker

Jens Steube, Gabriele Gristina: hashcat - advanced password recovery tool