I would like to better understand the workflow around which the specific feature works.
My idea of password bruteforcing is that,
- It has different levels, (as per public documentation)
- It bruteforces actual logins. ( Login attempts will be recorded by Windows)
- It can only bruteforce local Windows accounts.
- You can have your own list by having a list similar to this:
- Scanning domain controller will bruteforce all user accounts
However, can I have a list with a domain specified?
Can someone give me a better idea of the limitations and actual workflow of this feature?
My idea of password auditing via PC is that:
- Dissolvable agent will access password hashes and compare it to given passwords
- It has three levels as well, the last being able to create custom list
- The list is just a list of passwords:
Can I use this to audit domain accounts in a domain controller?
Does this only apply for local windows accounts?
What is the workflow behind this?
Links of references so you won't have to: