Play all

Introduction

How Much Does It Cost

Distribute Globally

Cost

Rate Of Return

How To Start

What Are Combo Lists

IP Rate Limiting

CAPTCHAs

Dynamic Sites

Host Header Order

Consumer Browsers

Browser fingerprinting

Fraudfox

Identifying Bots

NonHuman Behavior

Browser Automation Studio

Browser Consistency Check

Browser Fingerprints

Emulation

Multifactor authentication does not stop credential stuffing

How to bypass multifactor authentication

Logging into your bank

Resident script

Browser extensions

Exploit a developer machine

What is beyond credential stuffing

We are raising the cost

Genesis

One Unit

Known Resources

Fingerprints

Risk Scores

Dont Screw Your Buddies

Advanced Malware

Fraud Problems

Description:

Explore the current landscape of credential stuffing attacks and the evolving nature of account takeovers in this comprehensive conference talk. Delve into the economics of these attacks, including costs, distribution methods, and return on investment. Learn about combo lists, various defense mechanisms like IP rate limiting and CAPTCHAs, and the challenges posed by dynamic sites. Examine techniques used to identify bots, including browser fingerprinting and non-human behavior detection. Discover how attackers bypass multifactor authentication and explore advanced fraud techniques such as resident scripts and browser extensions. Gain insights into emerging threats beyond credential stuffing, including Genesis marketplaces and advanced malware. Understand the importance of risk scoring and collaborative efforts in combating fraud.

The State of Credential Stuffing and the Future of Account Takeovers

OWASP Foundation

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Programming #Software Development #Software Testing #Selenium #Browser Automation #Credential Stuffing #Web Security #Browser Fingerprinting

-41:02

The State of Credential Stuffing and the Future of Account Takeovers

1 Introduction