George, recently fired as an IT analyst, wants to break into the company network by cracking service accounts. Which password cracking technique should he use in this situation?

Rule-based attacks take dictionary words and apply a set of transformation rules to generate likely password variants that fit common security policies. Service accounts often follow corporate rules that demand complexity, but users tend to modify familiar words in predictable ways—capitalizing letters, substituting symbols or digits for letters, adding numbers at the end, or appending common suffixes. By encoding these patterns into rules, the attacker can quickly produce a focused set of plausible passwords without trying every possible character combination. This makes the approach far more efficient than brute force, which becomes impractical for long, complex passwords, and more effective than a plain dictionary attack, which would miss common mutations. A syllable-based technique isn’t aligned with typical policy-driven password modifications and would generally be less effective in this scenario. So, using rule-based transformations to dictionary words best matches how service accounts are commonly protected while remaining computationally practical.