It’s Complicated: The Special Risks of Password Spraying to AD and Azure AD and How to Prevent and Detect

Webinar Registration

At first glance password spraying would seem hardly worth the effort for an attacker against an organization with decent security. In a perfect world password spraying wouldn’t be so effective. But in the world we live it’s quite the opposite.

Password spraying is effective for a number or reasons:

Humans don’t usually pick good passwords
The audit events you need to monitor are fragmented across multiple systems and clouds
The signal to noise ratio of password spraying is low

But password spraying takes an exponential leap higher in effectiveness when you can’t even get the audit events which is a potential problem with Azure Active Directory as reported by Ars Technica and SecureWorks. Moreover, a bad password in on-prem AD exposes lots of other stuff in the cloud thanks to the coupled security risks of today’s hybrid environment.

In this real training for free event, we’ll explain:

how password spraying works and distinguish it from other attacks like credential stuffing
various ways that AD and AAD interact from a password standpoint (password hash sync, passthrough, ADFS)
why AD is attractive for password sprays
risks arcane to hybrid AD and AAD environments
the importance of Azure’s new Azure Password Protection for on-prem AD
why password spraying is difficult to detect

This will be a technical and practical session and the very knowledgeable Matthew Vinton, Strategic Systems Consultant, from our sponsor Quest Software will talk about what makes it difficult to detect, how it gets more useful the bigger the target, what can be done with regular credentials. (at minimum, recon). Matthew will also demonstrate how Quest On Demand Audit provides a single audit plane across AD and AAD, and can perform anomaly detection at scale across those two platforms.

To prevent AD password sync from making the cloud vulnerable, we will discuss:

Enforce MFA across all users
Eliminate external AD auth points
Deploy Azure AD Password Protection on-prem
Perform login anomaly detection against AD to detect unusual rises in unsuccessful sign-in activities

Please join us for this real training for free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
Zip/Postal Code:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.