Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn how hackers execute password spraying attacks against Microsoft Entra ID (formerly Azure AD) accounts in this cybersecurity tutorial. Explore the tools and techniques used in real-world brute force attacks targeting Microsoft online services, including demonstrations of OpenBullet2, MSOLSpray, EntraSpray, and TeamFiltration frameworks. Discover how attackers bypass security measures using proxy rotation tools like FireProx, OmniProx, and IPSpinner to avoid detection while conducting large-scale password spraying campaigns. Examine recent attack campaigns that targeted over 80,000 Microsoft Entra ID accounts and understand the methodologies behind these sophisticated attacks. Gain insights into the technical aspects of password spraying, including how attackers use common passwords against multiple accounts to avoid account lockouts, and learn about the infrastructure and anonymization techniques employed through tools like Tor. Understand the defensive perspective by exploring how organizations can detect and prevent these attacks, with practical examples of attack patterns and indicators of compromise that security teams should monitor.
