Crush Cred Stuffing: A Method for Neutralizing Credential Stuffing Attacks
RSA Conference 2024 · Track Session
In this insightful talk from RSAC 2024, Alex Katz, a Senior Security Researcher at ThreatX, presented a practical and battle-tested methodology for identifying and neutralizing credential stuffing attacks. Born out of countless urgent pages and sleepless nights in a Security Operations Center (SOC) environment, Katz's approach emphasizes the crucial distinction between credential stuffing and traditional brute force attacks, highlighting the unique challenges posed by widely distributed campaigns. The core of his method revolves around synthesizing multiple data points to paint a comprehensive picture of an ongoing attack, enabling rapid and effective mitigation.