Description
In today's digital landscape, the battle between industry and automated bots is an ever-evolving challenge. Attackers are leveraging advanced techniques such as residential proxies, CAPTCHA farms, and AI-enhanced fingerprint rotations to evade detection and execute functional abuse attacks, including web scraping, denial of inventory, and SMS pumping.
This talk will explore ongoing efforts to detect and mitigate these automated threats in a real-world environment, focusing on new work-in-progress approaches. We will delve into new strategies to counter the rise of automated attacks, such as AI-driven detection models, reputation databases, and timing measurements. Additionally, we will discuss the usage of techniques like mirroring real websites to lure and mislead attackers, and the shift towards analyzing functional behavior rather than relying solely on fingerprinting. Throughout the talk, we will consider the challenges and limitations of implementing these solutions within a large-scale, real-world company, and invite discussion on how to overcome these obstacles.
Infos pratiques
Prochains exposés
-
Should I trust or should I go? A deep dive into the (not so reliable) web PKI trust model
Orateur : Romain Laborde - University of Toulouse
The padlock shown in the URL bar of our favorite web browser indicates that we are connected using a secure HTTPS connection and providing some sense of security. Unfortunately, the reality is slightly more complex. The trust model of the underlying Web PKI is invalid, making TLS a colossus with feet of clay. In this talk, we will dive into the trust model of the web PKI ecosystem to understand[…]-
SoSysec
-
Protocols
-
Network
-