在「Simplifying Password Spraying」這篇看到,原來這個叫做 Password Spray...
To give a little background, traditional brute force attacks of one username with multiple passwords don't work very well against Windows services. This is because they employ lockout functionality after a set number of login attempts. A Password Spray circumvents the lockout functionality by trying only a few of the most common passwords against multiple user accounts, trying to identify that one person who is using 'Password1' or 'Summer2017'.
這個方法可以避開在同一個帳號的防禦機制...