Question

An attacker has successfully exfiltrated several non-salted password hashes from an online

system. Given the logs below: Which of the following BEST describes the type of password attack the attacker is performing?
A. Dictionary
B. Pass-the-hash
C. Brute-force
D. Password spraying

Answer 1

The attacker is performing a password-spraying attack, trying a small number of commonly used passwords against many different accounts.

Step-by-step explanation:

The attacker is performing a password spraying attack. This type of attack involves trying a small number of commonly used passwords against a large number of user accounts. It is different from a brute-force attack, which involves systematically trying every possible combination of characters until the correct password is found. In a password spraying attack, the attacker is not attempting to guess a specific user's password, but rather trying a few common passwords against many different accounts to increase the chances of a successful login.