Rakesh Sharma

Talk: Spray and Pray: Mastering Password Spraying on M365

Abstract:
Password spraying on M365 services remains a potent technique for compromising organizations. This session will cover executing effective password sprays, from initial reconnaissance to mitigation. It will include gathering usernames, executing sprays, evasion techniques, bypassing Multi-Factor Authentication (MFA), and defending against such attacks through robust policies and continuous monitoring.

Agenda:

Methodology for Effective Password Spraying
Gathering Usernames and Validation
Execution of Password Sprays
Evasion Techniques
Bypassing Multi-Factor Authentication (MFA)
Mitigation Strategies

Rakesh Sharma is a Practice Manager at Optiv Security, where he leads the attack and penetration testing India division. With over 15 years of experience in Information Security, he specializes in Red Team assessments, Social Engineering, Physical Security, Network Exploitation, and Web Application Penetration Testing. He holds OSCP and OSWP certifications and has received bug bounties from over 20 programs, including Microsoft, Paytm, PepsiCo, and NASA.

BSides Kerala 2025 Speakers

Rakesh Sharma

Practice Manager at Optiv Security

Talk: Spray and Pray: Mastering Password Spraying on M365

Rakesh Sharma