Password spraying is an attack involving an attempt to log into an exposed service using one common password and a longer list of usernames or email addresses
- Kerbrute for Userenum and Password Spraying
- statistically-likely-usernames (jsmith.txt)
- Use a common password such as Welcome1 or the season followed by the current year (i.e. Summer2022)
- Password Spray w/ Kerbrute
{% embed url="https://github.com/insidetrust/statistically-likely-usernames" %} GitHub Repository {% endembed %}
 (1) (1) (1) (2).png)