Fake User Account with Multiple Passwords to Detect Password Spray? (possible or not ?) #5
Comments
|
If this post should be in the other repo or if this is out of scope, then please let me know. Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm attempting to modify or improve the creation of decoy user accounts from your lab (AppliedPurpleTeaming/APT-9S22: APT-9S22). The question becomes whether this is possible from a Windows AD perspective and then from the perspective of the DO-LAB environment.
My goal is to figure out if it's possible to configure a decoy user account that can allow for more than one password for login. By doing so, I could cover larger lists of common or breached passwords without needing to create more accounts which would make the deception more noticeable. Based on some other resources I found, this definitely doesn't seem to be possible out of the box, but maybe there is a third party option for identity providers that could make it possible. In my mind, I was thinking of a boolean logic statement like "pw1 OR pw2 OR pw3." Ultimately, I just want to know if this could ever be a possibility or if I would need to rely on creating more decoy accounts with an optimized list of passwords for them to use.
My question is thoroughly outlined in this post I made on security Stack Exchange - active directory - Windows AD - Fake User Account with Multiple Passwords to Detect Password Spray - Information Security Stack Exchange
The text was updated successfully, but these errors were encountered: