arch4ngel/BruteLoops

Password Spraying

ustayready/fireprox

For O365/Azure

  1. Gather employee info from LinkedIn
    1. Including the breach dumps
  2. Password spray the O365 Graph API via fireprox
    1. User has to accept MFA push - do at morning login rush or after lunch.
  3. Configure a backup MFA or alt phone number for the user for persistence.
  4. Check for Azure AD portal access
    1. Take an offline backup
    2. Dump e-mails for more password spraying
  5. Check OneDrive/Sharepoint
    1. Look for implantable file types
      1. Office
      2. Visual Studio projects
      3. Scripts
      4. Check recently accessed/modified
      5. If you open the document you can see who has concurrent access
    2. Poison docs
    3. Test to make sure normal intended functionality still works
    4. Persistence methods (need non-admin ones too)
      1. Reg keys for direct persistence
      2. Drop shortcut to lolbin with appropriate options in startup folder
      3. Host or AD recon
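
Seen from the detection side, the O365 sequence above leaves a recognisable trail: failures spread thinly across many accounts from changing source IPs, then a successful sign-in and a new MFA method on one of them. The following is an added example, not part of the original notes; the event tuples, event names and thresholds are constructed assumptions, not a real Entra ID log schema.

```python
from collections import Counter
from datetime import datetime, timedelta
# Constructed sample events (not real tenant data): (time, user, source IP, event).
EVENTS = [
    ("2024-03-04T08:01:10", "alice@example.com", "198.51.100.10", "signin_fail"),
    ("2024-03-04T08:02:05", "bob@example.com",   "198.51.100.77", "signin_fail"),
    ("2024-03-04T08:03:40", "carol@example.com", "203.0.113.5",   "signin_fail"),
    ("2024-03-04T08:04:15", "dan@example.com",   "203.0.113.91",  "signin_fail"),
    ("2024-03-04T08:47:30", "carol@example.com", "192.0.2.200",   "signin_success"),
    ("2024-03-04T08:55:00", "carol@example.com", "192.0.2.200",   "mfa_method_added"),
    # Benign contrast: one user mistypes once from one IP, then enrols MFA.
    ("2024-03-04T13:00:00", "frank@example.com", "192.0.2.50",    "signin_fail"),
    ("2024-03-04T13:00:45", "frank@example.com", "192.0.2.50",    "signin_success"),
    ("2024-03-04T13:05:00", "frank@example.com", "192.0.2.50",    "mfa_method_added"),
]
WINDOW = timedelta(minutes=30)   # assumed tuning values, adjust per tenant
FOLLOW = timedelta(hours=2)
MIN_USERS = 4                    # distinct accounts failing inside one window
MAX_FAILS_PER_USER = 2           # a spray stays under the lockout threshold

def parse(events):
    return sorted((datetime.fromisoformat(t), u, ip, e) for t, u, ip, e in events)

def spray_windows(events):
    """Windows where many accounts each fail a few times. Source IP is ignored
    on purpose: a rotating proxy makes per-IP counting useless."""
    fails = [(t, u) for t, u, _, e in parse(events) if e == "signin_fail"]
    hits, i = [], 0
    while i < len(fails):
        start = fails[i][0]
        batch = [(t, u) for t, u in fails[i:] if t - start <= WINDOW]
        counts = Counter(u for _, u in batch)
        users = {u for u, n in counts.items() if n <= MAX_FAILS_PER_USER}
        if len(users) >= MIN_USERS:
            hits.append((start, start + WINDOW, users))
            i += len(batch)      # continue after this window
        else:
            i += 1
    return hits

def takeover_candidates(events):
    """Sprayed accounts that later sign in and then register a new MFA method."""
    evs, found = parse(events), []
    for start, end, users in spray_windows(events):
        for u in sorted(users):
            ok = [t for t, eu, _, e in evs if eu == u and e == "signin_success" and start <= t <= end + FOLLOW]
            mfa = [t for t, eu, _, e in evs if ok and eu == u and e == "mfa_method_added" and ok[0] <= t <= ok[0] + FOLLOW]
            if mfa:
                found.append((u, ok[0].isoformat(), mfa[0].isoformat()))
    return found
```

An account that is guessed correctly on its first attempt never produces a failure, so this correlation should be paired with an alert on any MFA method change that follows a sign-in from an unfamiliar source.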

https://github.com/t3l3machus/psudohash

With the most basic options, psudohash can generate a wordlist with all possible mutations of one or multiple keywords, based on common character substitution patterns (customizable), case variations, strings commonly used as padding and more.

https://github.com/dafthack/DomainPasswordSpray

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

https://github.com/ustayready/SharpHose

SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly.