Types:
MFA Fatigue Attacks – Social Engineering Cyber attack repeatedly sending MFA requests; SPAM attack;
Pass-The-Hash Attack – Steal Hashed user credentials then use them to create a new session;
Pass-The-Ticket Attack – Steal Kerberos tickets and use them to move laterally through an organisations network;
Kerberoasting – Post compromise attack used for cracking Active Directory service account passwords; Crack the password hash linked to the compromised account
Brute Forcing – Attempting many combinations; Dictionary, hybrid brute force, dictionary-random;
Credential Stuffing – Attacker has stolen credentials and uses botnet to target various services;
LDAP Injection – For network discovery of files, users and devices; user names and passwords; exploits weak or poor validation;
Leave a Reply