Password Spraying

Not a great attack method against cloud infrastructure, but it is possible.

Use a single password against multiple users that were enumerated. For Azure, password spray attacks can be done against different API endpoints.

MSOLSpray

Invoke-MSOLSpray -UserList validemails.txt -Password Password123! -Verbose

This is noisy and may lead to detection

PreviousUnauthenticated ReconNextAzure App Service

Last updated