EXPLORE
Sign In
← Back to Explore
T1201

Password Policy Discovery

Adversaries may attempt to access detailed information about the password policy used within an enterprise network or cloud environment. Password policies are a way to enforce complex passwords that are difficult to guess or crack through [Brute Force](https://attack.mitre.org/techniques/T1110). This information may help the adversary to create a list of common passwords and launch dictionary and/or brute force attacks which adheres to the policy (e.g. if the minimum password length should be 8,...

WindowsLinuxmacOSIaaSNetwork DevicesIdentity ProviderSaaSOffice Suite
20
Detections
4
Sources
3
Threat Actors

BY SOURCE

9splunk_escu6sigma3elastic2kql

PROCEDURES (15)

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Command Line Monitoring2 detections

Auto-extracted: 2 detections for command line monitoring

Privilege2 detections

Auto-extracted: 2 detections for privilege

Powershell1 detections

Auto-extracted: 1 detections for powershell

Api1 detections

Auto-extracted: 1 detections for api

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Service1 detections

Auto-extracted: 1 detections for service

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Powershell1 detections

Auto-extracted: 1 detections for powershell

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Service1 detections

Auto-extracted: 1 detections for service

Azure1 detections

Auto-extracted: 1 detections for azure

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

THREAT ACTORS (3)

ChimeraOilRigTurla

DETECTIONS (20)

AWS High Number Of Failed Authentications For User
splunk_escu
AWS Password Policy Changes
splunk_escu
Cisco Discovery
sigmalow
Detect net(1).exe Discovery Activities
kql
Entra ID Sign-in BloodHound Suite User-Agent Detected
elasticmedium
Entra ID Sign-in TeamFiltration User-Agent Detected
elasticmedium
Get ADDefaultDomainPasswordPolicy with Powershell
splunk_escu
Get ADDefaultDomainPasswordPolicy with Powershell Script Block
splunk_escu
Get ADUserResultantPasswordPolicy with Powershell
splunk_escu
Get ADUserResultantPasswordPolicy with Powershell Script Block
splunk_escu
Get DomainPolicy with Powershell
splunk_escu
Get DomainPolicy with Powershell Script Block
splunk_escu
HackTool - CrackMapExec Execution
sigmahigh
List net(1).exe discovery activities
kql
Net.EXE Execution
sigmalow
Password Policy Discovery - Linux
sigmalow
Password Policy Discovery With Get-AdDefaultDomainPasswordPolicy
sigmalow
Password Policy Enumerated
sigmamedium
PowerShell Suspicious Discovery Related Windows API Functions
elasticlow
Windows Password Policy Discovery with Net
splunk_escu