22sh sofianeelhor
sofianeelhor
/ silentspray.go
Last active
February 26, 2025 16:38
This tool leverages a flaw in the Azure AD Seamless SSO service. Failed authentication attempts using the autologon endpoint aren't properly logged, allowing for (undetected?) username probing and password spray attacks. Ideal for red teaming
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks | |
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "io/ioutil" | |
| "net/http" | |
| "net/url" | |
| "os" |