A C# tool that detects password spraying attempt by using Active Directory user attributes
This tool is written in C# which check for multiple bad password attempts from the user attributes.
First of all, I am fetching all the accounts using LDAP, that have value of badPwdCount > 0.
Then, I’m leveraging the Active Directory user attributes badPasswordTime and badPwdCount. I checked for the badPwdCount for multiple users and grouping them on basis of badPasswordTime attribute
When I’ll try password spraying for multiple users, it will get detected by the tool Detect-spray as shown in the screenshot:
Blogpost Link - https://rootdse.org/posts/monitoring-realtime-activedirectory-domain-scenarios