Knowledgebase
External Penetration Test
3. Attacking Login Portals
Active Directory

Active Directory

AD Account Lockout Policy

It’s important to collect the Active Directory Account Lockout Policy from the project sponsor prior to performing any attacks on login portals.

This will ensure that account lockouts do not occur during the External Penetration Test. If it does occur, it can be extremely disruptive for all organisational accounts to be locked out for 15 to 30 minutes, just imagine if 5000 staff couldn’t use their devices in that time, it could be considered a major disruption that would require the project sponsor to complete a post-incident report.

If the AD Account Lockout Policy is set for 5 password attempts per 15 minutes, it is better to be on the safe side and still only do 2 password attempts per 15-20 minutes.

Office 365 Login

Work in progress.

Microsoft Exchange

Work in progress.

https://github.com/dafthack/MailSniper