Successfully investigate brute force and account enumeration attacks made over NTLM protocol

%3CLINGO-SUB%20id%3D%22lingo-sub-1121844%22%20slang%3D%22en-US%22%3ESuccessfully%20investigate%20brute%20force%20and%20account%20enumeration%20attacks%20made%20over%20NTLM%20protocol%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1121844%22%20slang%3D%22en-US%22%3E%3CP%3ESecurity%20research%20shows%20most%20successful%20enumeration%20and%20brute%20force%20attacks%20use%20either%20NTLM%20or%20Kerberos%20authentication%20protocols%20for%20entry.%20In%20fact%2C%20they%E2%80%99re%20the%20most%20popular%20discovery-phase%20attacks%20Azure%20ATP%20observed%20in%20the%20past%2012%20months.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20understand%26nbsp%3B%3CSTRONG%3EWhy%20does%20account%20enumeration%20matter%3F%2C%26nbsp%3B%3C%2FSTRONG%3E%3CSTRONG%3EWhat%20is%20NTLM%20and%20how%20does%20it%20work%3F%20%3C%2FSTRONG%3Eand%26nbsp%3B%3CSTRONG%3EHow%20does%20Azure%20ATP%20provide%20visibility%20into%20NTLM%20authentications%3F%20%3C%2FSTRONG%3Eread%20our%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fsecurity-privacy-and-compliance%2Fazure-atp-investigation-of-brute-force-and-account-enumeration%2Fba-p%2F1121006%22%20target%3D%22_self%22%3Enew%20blog%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Microsoft

Security research shows most successful enumeration and brute force attacks use either NTLM or Kerberos authentication protocols for entry. In fact, they’re the most popular discovery-phase attacks Azure ATP observed in the past 12 months.

 

To understand Why does account enumeration matter?, What is NTLM and how does it work? and How does Azure ATP provide visibility into NTLM authentications? read our new blog.

 

 

0 Replies