Question:  What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?

Carrie Roberts // Answer: Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described here in this great post by Beau Bullock. Recently I performed a password spray against an Outlook Web App portal that had multi-factor authentication enabled using Microsoft MFA. The login page looked […]

Read the entire post here