Defeat Domain User Spraying & Brute Forcing of Passwords

December 28, 2011

This post comes to you from Lamar Spells of http://foxtrot7security.blogspot.com/.
A while back, LaNMaSteR53 (Tim Tomes) discussed a method for brute forcing domain default passwords while avoiding account lockout. This discussion was in response to a video by Dave Hoelzer on using PowerShell to hack domain user accounts.

Tim Tomes

Identity

How identity became the new security battleground

Craig Birch May 21, 2026

Exploits happen in minutes in the AI era – so 43 days to fully remediate just doesn’t cut it today.

Identity

1Password and OpenAI collaborate on secure credential access for AI coding agents

SC StaffMay 20, 2026

The new 1Password Environments MCP Server for Codex establishes a secure runtime environment where secrets are mounted, utilized, and then discarded after use, requiring user authentication for each access.

(Credit: Araki Illustrations – stock.adobe.com)

Identity

New Mini Shai-Hulud attack targets npm ecosystem

Steve ZurierMay 20, 2026

Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Defeat Domain User Spraying & Brute Forcing of Passwords

Related

How identity became the new security battleground

1Password and OpenAI collaborate on secure credential access for AI coding agents

New Mini Shai-Hulud attack targets npm ecosystem

Related Events

IAM for MSSPs: Real-World Deployments

Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control

The industrialization of identity compromise

Get daily email updates