1.Why is password policy enumeration one of the first discovery steps after gaining domain credentials?
2.A domain has a lockout threshold of 5 with a 30-minute reset counter. How would you calculate a safe spray rate?
3.Why does an 8-character minimum password length with complexity enabled still allow crackable passwords?
4.What is a fine-grained password policy, and why would an attacker specifically look for one?
5.Can the domain password policy be retrieved without valid domain credentials?
6.How would you explain to a client that their password policy directly enabled the credential attacks you performed?