In general, brute force attacks involve using trial and error to work through possible user name and password combinations in order to compromise an account.Īccount enumeration is a more specific type of brute force attack where the attacker is attempting to guess the valid usernames of users within a network. What are Account Enumeration and Brute Force? It uses a challenge/response mechanism for authentication which allows users to prove their identities without sending a password over the network.ĭespite being replaced by more secure authentication protocols and having multiple known vulnerabilities, NTLM is still widely deployed today because of its compatibility with legacy systems and applications. NTLM or “New Technology LAN Manager” is a protocol developed by Microsoft to authenticate users and computers on the network. “This really opened my eyes to AD security in a way defensive work never did.” Featured Webinar DatAlert Master Class On Demand Watch Now.Get a Personalized Varonis Demo (In-Person or Online) Schedule Now.Data Classification Engine Sensitive Data Discovery.Data Security Platform Product Suite Overview.See How you Rank Data Risk Assessment Non-intrusive, hassle-free.