{"id":15509,"date":"2019-06-24T14:44:58","date_gmt":"2019-06-24T13:44:58","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15509"},"modified":"2021-06-03T11:20:27","modified_gmt":"2021-06-03T10:20:27","slug":"invoke-cleverspray-jamais-1-sans-3","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/","title":{"rendered":"Invoke-CleverSpray &#8211; Jamais 1 sans 3"},"content":{"rendered":"<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<figure id=\"post-15929 media-15929\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15929\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/header.png\" alt=\"\" width=\"640\" height=\"268\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/header.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/header-437x183.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/header-71x30.png 71w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div><\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div style=\"text-align: justify;\">Avant l&#8217;existence du niveau fonctionnel Windows Server 2003, lorsqu&#8217;un utilisateur tentait de s&#8217;authentifier \u00e0 l&#8217;aide d&#8217;un mot de passe n&#8217;\u00e9tant pas le sien, son nombre de tentative d&#8217;authentification \u00e9chou\u00e9e (repr\u00e9sent\u00e9 par l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8220;) se voyait automatiquement incr\u00e9ment\u00e9e.<\/div>\n<div style=\"text-align: justify;\">Depuis l&#8217;introduction du niveau fonctionnel Windows Server 2003, lorsqu\u2019un utilisateur essaie de s&#8217;authentifier \u00e0 l&#8217;aide d&#8217;un de ses deux pr\u00e9c\u00e9dents mots de passe, l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; n&#8217;est plus incr\u00e9ment\u00e9. D&#8217;une part, cette fonctionnalit\u00e9 permet de limiter les verrouillages de comptes utilisateurs dues \u00e0 des tentatives de connexion \u00e9mises par des applications suite \u00e0 une modification de mot de passe non r\u00e9percut\u00e9e sur ces derni\u00e8res (Exchange, Skype, etc.).\u00a0 D&#8217;autre part, cette \u00e9volution a pour objectif de limiter le nombre de verrouillages de comptes utilisateur et ainsi les interventions futiles des \u00e9quipes de support. En effet, les mauvaises tentatives d&#8217;authentification \u00e9manant d&#8217;utilisateurs l\u00e9gitimes sont plus susceptibles d&#8217;\u00eatre la cause de tentatives d&#8217;authentification \u00e0 l&#8217;aide de mots de passe pr\u00e9c\u00e9demment valides.<\/div>\n<h3>Fonctionnement du m\u00e9canisme de verrouillage de compte utilisateur<\/h3>\n<div style=\"text-align: justify;\">Diff\u00e9rents param\u00e8tres interviennent au sein du m\u00e9canisme de verrouillage de compte utilisateur :<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<style type=\"text\/css\">\n    .w-table {<br \/>        width: 100;<br \/>        border-spacing: 0;<br \/>        border-collapse: collapse;<br \/>    }<\/p>\n<p>    .w-table td {<br \/>        text-align: center;<br \/>        border: 1px solid rgb(80, 48, 120);<br \/>        padding: 5px;<br \/>    }<\/p>\n<p>    .w-table thead td {<br \/>        background: rgb(80, 48, 120);<br \/>        font-weight: bold; color: white;<br \/>        border-left: 1px solid white;<br \/>        border-right: 1px solid white;<br \/>    }<\/p>\n<p>    .w-table thead td:first {<br \/>        border-left: 1px solid rgb(80, 48, 120);<br \/>    }<\/p>\n<p>    .w-table thead td:last {<br \/>        border-right: 1px solid rgb(80, 48, 120);<br \/>    }<br \/><\/style>\n<table class=\"w-table\">\n<thead>\n<tr>\n<td>Attribut Active Directory<\/td>\n<td>Propri\u00e9t\u00e9 PowerShell<\/td>\n<td>Param\u00e8tre de la strat\u00e9gie de groupe<\/td>\n<td style=\"width: 15%;\">P\u00e9rim\u00e8tre<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>lockoutThreshold<\/td>\n<td>LockoutThreshold<\/td>\n<td>Seuil de verrouillage<\/td>\n<td>Domaine<\/td>\n<\/tr>\n<tr>\n<td>lockoutDuration<\/td>\n<td>LockoutDuration<\/td>\n<td>Dur\u00e9e du verrouillage<\/td>\n<td>Domaine<\/td>\n<\/tr>\n<tr>\n<td>lockoutObservationWindow<\/td>\n<td>LockoutObservationWindow<\/td>\n<td>Fen\u00eatre d\u2019observation du verrouillage<\/td>\n<td>Domaine<\/td>\n<\/tr>\n<tr>\n<td>pwdHistoryLength<\/td>\n<td>PasswordHistoryCount<\/td>\n<td>Nombre de mots de passe ant\u00e9rieurs \u00e0 conserver<\/td>\n<td>Domaine<\/td>\n<\/tr>\n<tr>\n<td>lockoutTime<\/td>\n<td>AccountLockoutTime<\/td>\n<td>&#8211;<\/td>\n<td>Utilisateur<\/td>\n<\/tr>\n<tr>\n<td>logonCount<\/td>\n<td>&#8211;<\/td>\n<td>&#8211;<\/td>\n<td>Utilisateur<\/td>\n<\/tr>\n<tr>\n<td>pwdLastSet<\/td>\n<td>PasswordLastSet<\/td>\n<td>&#8211;<\/td>\n<td>Utilisateur<\/td>\n<\/tr>\n<tr>\n<td>pwdProperties<\/td>\n<td>ComplexityEnabled<\/td>\n<td>Mot de passe doit respecter des exigences de complexit\u00e9<\/td>\n<td>Utilisateur<\/td>\n<\/tr>\n<tr>\n<td>badPwdCount<\/td>\n<td>BadLogonCount<\/td>\n<td>&#8211;<\/td>\n<td>Utilisateur<\/td>\n<\/tr>\n<tr>\n<td>badPasswordTime<\/td>\n<td>LastBadPasswordAttempt<\/td>\n<td>&#8211;<\/td>\n<td>Utilisateur<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div style=\"text-align: justify;\"><\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">La majeure partie de ces attributs disposent d&#8217;un nom autoporteur. N\u00e9anmoins, il convient de pr\u00e9ciser que la fen\u00eatre d&#8217;observation du verrouillage (&#8220;<b>lockoutObservationWindow<\/b>&#8220;) ne repr\u00e9sente pas la dur\u00e9e pendant laquelle les tentatives d&#8217;authentification infructueuses doivent avoir lieu pour verrouiller un compte, ni le temps n\u00e9cessaire \u00e0 la r\u00e9initialisation de l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; si aucune tentative infructueuse de connexion n&#8217;est conduite. Au contraire, c&#8217;est la dur\u00e9e n\u00e9cessaire \u00e0 la r\u00e9initialisation de l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; depuis la derni\u00e8re mise \u00e0 jour de l&#8217;attribut &#8220;<b>badPasswordTime<\/b>&#8220;.<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">Par ailleurs, les attributs &#8220;<b>badPwdCount<\/b>&#8221; et &#8220;<b>badPasswordTime<\/b>&#8221; ne sont pas r\u00e9pliqu\u00e9s au sein du domaine mais seulement sauvegard\u00e9s sur le contr\u00f4leur de domaine sur lequel l&#8217;utilisateur essaye de s&#8217;authentifier. N\u00e9anmoins, ces attributs sont synchronis\u00e9s sur le contr\u00f4leur de domaine disposant du r\u00f4le FSMO d\u2019\u00e9mulateur de contr\u00f4leur principal de domaine (ou PDCe).<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">Seuls les protocoles Kerberos et NTLM utilis\u00e9s lors d&#8217;une authentification via mot de passe ou Smart Card b\u00e9n\u00e9ficient de cette fonctionnalit\u00e9 (sous r\u00e9serve que le PDCe soit joignable par le contr\u00f4leur de domaine g\u00e9rant la demande d&#8217;authentification).<\/div>\n<h3>Jamais un sans trois<\/h3>\n<div style=\"text-align: justify;\">Du point de vue d&#8217;un attaquant, cette nouvelle fonctionnalit\u00e9 offre la possibilit\u00e9 d&#8217;attaquer non seulement le mot de passe actuel d&#8217;un utilisateur mais aussi ses deux pr\u00e9c\u00e9dents via la v\u00e9rification de l&#8217;incr\u00e9mentation de l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; sur le PDCe suite \u00e0 une tentative d&#8217;authentification. En effet, si la tentative d&#8217;authentification \u00e9choue mais que l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; ne se voit pas incr\u00e9menter, alors un mot de passe pr\u00e9c\u00e9demment valide vient d&#8217;\u00eatre d\u00e9couvert.<\/div>\n<div style=\"text-align: justify;\">La d\u00e9couverte d&#8217;un mot de passe pr\u00e9c\u00e9demment utilis\u00e9 par un utilisateur permet \u00e0 un attaquant d&#8217;identifier une \u00e9ventuelle structure de cr\u00e9ation de mot de passe employ\u00e9e par cet utilisateur, pouvant parfois conduire \u00e0 la d\u00e9couverte de son mot de passe actuel.<\/div>\n<div style=\"text-align: justify;\">D&#8217;autre part, il est fr\u00e9quent que des utilisateurs r\u00e9utilisent leurs anciens mots de passe ; un pr\u00e9c\u00e9dent mot de passe d\u00e9couvert pourrait donc \u00eatre r\u00e9employ\u00e9 par la suite par ce m\u00eame utilisateur.<\/div>\n<div style=\"text-align: justify;\">Enfin, les anciens mots de passe de domaine d\u00e9couverts peuvent parfois \u00eatre encore valides sur certains applicatifs se reposant sur un r\u00e9f\u00e9rentiel n&#8217;imposant aucun changement de mot de passe.<\/div>\n<h3>Invoke-CleverSpray &#8211; Script PowerShell automatisant la d\u00e9couverte de mots de passe (actuel, N-1 et N-2)<\/h3>\n<div style=\"text-align: justify;\">Un script a \u00e9t\u00e9 d\u00e9velopp\u00e9 dans le but d&#8217;identifier, outre les mots de passe actuels des utilisateurs d&#8217;un domaine Windows, les mots de passe pr\u00e9sents dans les historiques des mots de passe utilisateur :<\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<figure id=\"post-15931 media-15931\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15931\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/1.png\" alt=\"\" width=\"640\" height=\"482\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/1-254x191.png 254w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/06\/1-52x39.png 52w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<\/div>\n<div style=\"text-align: center;\"><a href=\"https:\/\/github.com\/wavestone-cdt\/Invoke-CleverSpray\"><i><span style=\"font-size: x-small;\">https:\/\/github.com\/wavestone-cdt\/Invoke-CleverSpray<\/span><\/i><\/a><\/div>\n<div style=\"text-align: justify;\">Le sch\u00e9ma de fonctionnement de ce dernier est le suivant :<\/div>\n<div style=\"text-align: justify;\">\n<ul>\n<li>R\u00e9cup\u00e9ration de la liste des utilisateurs du domaine Windows ou au sein d&#8217;un fichier pass\u00e9 en param\u00e8tre ;<\/li>\n<li>Pour chacun des utilisateurs, le contr\u00f4leur de domaine disposant du r\u00f4le de PDCe va \u00eatre contact\u00e9 afin de conna\u00eetre la valeur initiale de l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; de l&#8217;utilisateur, puis, si cette derni\u00e8re est inf\u00e9rieure \u00e0 un seuil d\u00e9fini par l&#8217;attaquant, une tentative de connexion \u00e0 l&#8217;aide d&#8217;un mot de passe sp\u00e9cifi\u00e9 en param\u00e8tre au script (ou pr\u00e9sent au sein d&#8217;une liste de mot de passe pass\u00e9e en param\u00e8tre) va \u00eatre tent\u00e9e ;<\/li>\n<li>Si l&#8217;authentification est r\u00e9ussie :\n<ul>\n<li>Le mot de passe correspond au mot de passe actuel de l&#8217;utilisateur cibl\u00e9 ;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Si l&#8217;authentification \u00e9choue :\n<ul>\n<li>La valeur de l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; va alors \u00eatre analys\u00e9e :<\/li>\n<li>Si cette derni\u00e8re n&#8217;a pas \u00e9t\u00e9 incr\u00e9ment\u00e9e, le mot de passe essay\u00e9 correspond \u00e0 un des deux mots de passe pr\u00e9c\u00e9demment d\u00e9fini par l&#8217;utilisateur<\/li>\n<li>Si cette derni\u00e8re a \u00e9t\u00e9 incr\u00e9ment\u00e9e, alors le mot de passe ne correspond ni au mot de passe actuel ni a un pr\u00e9c\u00e9demment mot de passe de l&#8217;utilisateur cibl\u00e9. Le script va donc passer \u00e0 l&#8217;utilisateur suivant afin de poursuivre l&#8217;attaque.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">\n<p>Il est \u00e0 noter que le seuil de verrouillage d&#8217;un compte utilisateur ne peut \u00eatre collect\u00e9 par un utilisateur standard du domaine. De fait, il convient par s\u00e9curit\u00e9 d&#8217;ex\u00e9cuter le script avec une valeur limite de l&#8217;attribut &#8220;<b>badPwdCount<\/b>&#8221; faible afin d&#8217;\u00e9viter tout verrouillage de compte utilisateur.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Avant l&#8217;existence du niveau fonctionnel Windows Server 2003, lorsqu&#8217;un utilisateur tentait de s&#8217;authentifier \u00e0 l&#8217;aide d&#8217;un mot de passe n&#8217;\u00e9tant pas le sien, son nombre de tentative d&#8217;authentification \u00e9chou\u00e9e (repr\u00e9sent\u00e9 par l&#8217;attribut &#8220;badPwdCount&#8220;) se voyait automatiquement incr\u00e9ment\u00e9e. Depuis l&#8217;introduction du&#8230;<\/p>\n","protected":false},"author":1420,"featured_media":15060,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3854,3225],"tags":[164,3865,3864,3863,3862],"coauthors":[3910],"class_list":["post-15509","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-deep-dive","category-ethical-hacking-indicent-response","tag-authentification","tag-cleverspray","tag-invoke","tag-mot-de-passe","tag-utilisateur"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Invoke-CleverSpray - Jamais 1 sans 3 - RiskInsight<\/title>\n<meta name=\"description\" content=\"Avant l&#039;existence du niveau fonctionnel Windows Server 2003, lorsqu&#039;un utilisateur tentait de s&#039;authentifier \u00e0 l&#039;aide d&#039;un mot de passe\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Invoke-CleverSpray - Jamais 1 sans 3 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Avant l&#039;existence du niveau fonctionnel Windows Server 2003, lorsqu&#039;un utilisateur tentait de s&#039;authentifier \u00e0 l&#039;aide d&#039;un mot de passe\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-24T13:44:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-03T10:20:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1453\" \/>\n\t<meta property=\"og:image:height\" content=\"1308\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fran\u00e7ois Leli\u00e8vre\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fran\u00e7ois Leli\u00e8vre\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\"},\"author\":{\"name\":\"Fran\u00e7ois Leli\u00e8vre\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/788fdce1638bce5a55e76feae465b8f7\"},\"headline\":\"Invoke-CleverSpray &#8211; Jamais 1 sans 3\",\"datePublished\":\"2019-06-24T13:44:58+00:00\",\"dateModified\":\"2021-06-03T10:20:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\"},\"wordCount\":1044,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"keywords\":[\"authentification\",\"cleverspray\",\"invoke\",\"mot de passe\",\"utilisateur\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Deep-dive\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\",\"name\":\"Invoke-CleverSpray - Jamais 1 sans 3 - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"datePublished\":\"2019-06-24T13:44:58+00:00\",\"dateModified\":\"2021-06-03T10:20:27+00:00\",\"description\":\"Avant l'existence du niveau fonctionnel Windows Server 2003, lorsqu'un utilisateur tentait de s'authentifier \u00e0 l'aide d'un mot de passe\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"width\":1453,\"height\":1308,\"caption\":\"Vector businessman looking for future trends through binoculars - business and strategy metaphor - illustration in flat style\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Invoke-CleverSpray &#8211; Jamais 1 sans 3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/788fdce1638bce5a55e76feae465b8f7\",\"name\":\"Fran\u00e7ois Leli\u00e8vre\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/francois-lelievre\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Invoke-CleverSpray - Jamais 1 sans 3 - RiskInsight","description":"Avant l'existence du niveau fonctionnel Windows Server 2003, lorsqu'un utilisateur tentait de s'authentifier \u00e0 l'aide d'un mot de passe","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/","og_locale":"en_US","og_type":"article","og_title":"Invoke-CleverSpray - Jamais 1 sans 3 - RiskInsight","og_description":"Avant l'existence du niveau fonctionnel Windows Server 2003, lorsqu'un utilisateur tentait de s'authentifier \u00e0 l'aide d'un mot de passe","og_url":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/","og_site_name":"RiskInsight","article_published_time":"2019-06-24T13:44:58+00:00","article_modified_time":"2021-06-03T10:20:27+00:00","og_image":[{"width":1453,"height":1308,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Fran\u00e7ois Leli\u00e8vre","twitter_misc":{"Written by":"Fran\u00e7ois Leli\u00e8vre","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/"},"author":{"name":"Fran\u00e7ois Leli\u00e8vre","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/788fdce1638bce5a55e76feae465b8f7"},"headline":"Invoke-CleverSpray &#8211; Jamais 1 sans 3","datePublished":"2019-06-24T13:44:58+00:00","dateModified":"2021-06-03T10:20:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/"},"wordCount":1044,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","keywords":["authentification","cleverspray","invoke","mot de passe","utilisateur"],"articleSection":["Cybersecurity &amp; Digital Trust","Deep-dive","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/","url":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/","name":"Invoke-CleverSpray - Jamais 1 sans 3 - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","datePublished":"2019-06-24T13:44:58+00:00","dateModified":"2021-06-03T10:20:27+00:00","description":"Avant l'existence du niveau fonctionnel Windows Server 2003, lorsqu'un utilisateur tentait de s'authentifier \u00e0 l'aide d'un mot de passe","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","width":1453,"height":1308,"caption":"Vector businessman looking for future trends through binoculars - business and strategy metaphor - illustration in flat style"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/06\/invoke-cleverspray-jamais-1-sans-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Invoke-CleverSpray &#8211; Jamais 1 sans 3"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/788fdce1638bce5a55e76feae465b8f7","name":"Fran\u00e7ois Leli\u00e8vre","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/francois-lelievre\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1420"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15509"}],"version-history":[{"count":7,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15509\/revisions"}],"predecessor-version":[{"id":15928,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15509\/revisions\/15928"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/15060"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15509"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}