Skip to content

GracefulSecurity

  • Home
  • About Me
  • vlogs
  • Web App
  • Infrastructure
  • More
    • Hardware
    • Build Security
    • Cheat Sheets
    • Cloud
  • Home
  • About Me
  • vlogs
  • Web App
  • Infrastructure
  • More
    • Hardware
    • Build Security
    • Cheat Sheets
    • Cloud

Tag: Observation Window

Infrastructure

The Myth of Account Lockout: Observation Windows

by HollyGracefulJanuary 2, 2016February 3, 2020

During Penetration Tests I often gain access to a selection of domain user accounts on my path to compromising a domain admin account. This is often a requirement these days for enumerating domain policy and also it’s quite common to find standard user accounts that have access to interesting information, such as HR or Finance accounts with access to staff and payroll information or a user with VPN access. During the post-engagement meeting with clients they’re often shocked at how I could launch online brute-force attacks against accounts without locking them out.

Read More

Latest Vlog

https://www.youtube.com/watch?v=lybXKp_9eh4
Copyright © 2020 GracefulSecurity. Powered by WordPress and Bam.