Log In Through the Front Door: Automating Defense Against Credential Attacks
Barath Subramaniam
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
Attackers increasingly bypass technical defenses entirely by using stolen credentials to simply log in as legitimate users — a technique implicated in one out of every three breaches. Barath Subramaniam, Senior Product Security Engineer at Adobe, outlines a two-phase framework for building an automated credential monitoring program, walking through the threat landscape, data sources, detection pipelines, and remediation workflows that security teams can deploy today. ---
AI review
Solid credential monitoring framework from Adobe's Subramaniam — well-structured, grounded in real breach data, and genuinely actionable for organizations starting from zero. But it's a how-to guide, not a research contribution, and experienced practitioners won't find anything they don't already know. Good talk for the 80% of the audience still not running a credential monitoring program.