Hi, I am Mayank Dhiman, and I am the Principal Security Researcher here at Stealth Security.
In our earlier post, we defined the problem of Credential Exploitation, an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers takeover accounts which are reusing credentials that have been dumped elsewhere. We also discussed the proper defensive framework to defend against such attacks. For today’s post, we’ll make the case that the problem runs deeper than traditional “credential verification” or brute-force attacks, and that the same defensive framework can help defend against a wide variety of automation-based attacks.