Burpsuite can be used to password spray other websites that aren't Microsoft's. You can set failure flags in Intruder -> Options or you can use the status code as an indicator of success or failure.
Be cautious about account lockouts still
Last updated 1 year ago
