Fake User Account with Multiple Passwords to Detect Password Spray? (possible or not ?) #5
Description
I'm attempting to modify or improve the creation of decoy user accounts from your lab (AppliedPurpleTeaming/APT-9S22: APT-9S22). The question becomes whether this is possible from a Windows AD perspective and then from the perspective of the DO-LAB environment.
My goal is to figure out if it's possible to configure a decoy user account that can allow for more than one password for login. By doing so, I could cover larger lists of common or breached passwords without needing to create more accounts which would make the deception more noticeable. Based on some other resources I found, this definitely doesn't seem to be possible out of the box, but maybe there is a third party option for identity providers that could make it possible. In my mind, I was thinking of a boolean logic statement like "pw1 OR pw2 OR pw3." Ultimately, I just want to know if this could ever be a possibility or if I would need to rely on creating more decoy accounts with an optimized list of passwords for them to use.
My question is thoroughly outlined in this post I made on security Stack Exchange - active directory - Windows AD - Fake User Account with Multiple Passwords to Detect Password Spray - Information Security Stack Exchange