EXPLORE
Sign In
← Back to Explore
T1201

Password Policy Discovery

Adversaries may attempt to access detailed information about the password policy used within an enterprise network or cloud environment. Password policies are a way to enforce complex passwords that are difficult to guess or crack through [Brute Force](https://attack.mitre.org/techniques/T1110). This information may help the adversary to create a list of common passwords and launch dictionary and/or brute force attacks which adheres to the policy (e.g. if the minimum password length should be 8,...

WindowsLinuxmacOSIaaSNetwork DevicesIdentity ProviderSaaSOffice Suite
17
Detections
3
Sources
3
Threat Actors

BY SOURCE

9splunk_escu5sigma3elastic

PROCEDURES (14)

Network Connection Monitoring2 detections

Auto-extracted: 2 detections for network connection monitoring

Privilege2 detections

Auto-extracted: 2 detections for privilege

Script Block2 detections

Auto-extracted: 2 detections for script block

Brute Force1 detections

Auto-extracted: 1 detections for brute force

Aws1 detections

Auto-extracted: 1 detections for aws

Service1 detections

Auto-extracted: 1 detections for service

Azure1 detections

Auto-extracted: 1 detections for azure

Powershell1 detections

Auto-extracted: 1 detections for powershell

Brute Force1 detections

Auto-extracted: 1 detections for brute force

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Api1 detections

Auto-extracted: 1 detections for api

Powershell1 detections

Auto-extracted: 1 detections for powershell

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

THREAT ACTORS (3)

ChimeraOilRigTurla

DETECTIONS (17)

AWS High Number Of Failed Authentications For User
splunk_escu
AWS Password Policy Changes
splunk_escu
Cisco Discovery
sigmalow
Entra ID Sign-in BloodHound Suite User-Agent Detected
elasticmedium
Entra ID Sign-in TeamFiltration User-Agent Detected
elasticmedium
Get ADDefaultDomainPasswordPolicy with Powershell
splunk_escu
Get ADDefaultDomainPasswordPolicy with Powershell Script Block
splunk_escu
Get ADUserResultantPasswordPolicy with Powershell
splunk_escu
Get ADUserResultantPasswordPolicy with Powershell Script Block
splunk_escu
Get DomainPolicy with Powershell
splunk_escu
Get DomainPolicy with Powershell Script Block
splunk_escu
HackTool - CrackMapExec Execution
sigmahigh
Password Policy Discovery - Linux
sigmalow
Password Policy Discovery With Get-AdDefaultDomainPasswordPolicy
sigmalow
Password Policy Enumerated
sigmamedium
PowerShell Suspicious Discovery Related Windows API Functions
elasticlow
Windows Password Policy Discovery with Net
splunk_escu