You have
Login portal
list of employees/emails
Password strategies to employ
Current / past season with year and !, * etc
City - Local Sport Team
Address
Colleges
Company name
Number and characters as vowels (a β @, e β 3)
O365 is linked with everything (VPN, access etc)
https://github.com/blacklanternsecurity/TREVORspray
β O365 spraying tool
delay (base 30s) to avoid being detected
--no-current-ip
e.g.
<aside> π Look for 2022 used tools
</aside>
Donβt want to block everything then ask for lock policy.
Use free VM on AWS etc for --ssh flag, be sure to accept fingerprint before use TREVORspray
<aside> β οΈ VPN often detect very quickly
</aside>
> msfconsole
> search owa
> use auxiliary/scanner/http/owa_login
<aside> π Detect valid user delay but donβt detect lock account
</aside>
<aside> π Burp Suite proxy and intruder
</aside>