Skip to content

Brute-Force Credentials

Description

brute-force credentials module executes a password brute-force attack on a target identity in Entra ID. Brute-force attempts to gain access to an account when the password for the account is unknown.

This module requires a password list in txt file format as input for bruteforce. Placed the password file in \MAAD-AF directory.

If the brute-force is successful, this module stores the cracked credentials in MAAD Credential Store for use in future.

Trigger

MAAD Attack Arsenal -> "Pre-Attack" -> 2

MITRE ATT&CK Information

Tactic Technique
Credential Access Brute Force

Additional Details

  • Brute-force is attempted against the reporting web service endpoint: https://reports.office365.com/ecp/reportingwebservice/reporting.svc