Announcement

Collapse
No announcement yet.

Arik Atar - Top-performing account crackers business modules, architecture, and techniques: why ...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Arik Atar - Top-performing account crackers business modules, architecture, and techniques: why ...

    Arik Atar - Top-performing account crackers business modules, architecture, and techniques: why did you lose the last PS5 restock to a bot? 45 min talk.




    Arik Atar, Threat Intelligence Researcher, PerimeterX
    Top-performing account crackers business modules, architecture, and techniques: why did you lose the last PS5 restock to a bot? 45 min talk.

    Top-performing account crackers business modules, architecture, and techniques: why did you lose the last PS5 restock to a bot? 45 min talk.


    Abstract

    The rise of the machines.

    Whenever you buy online, especially if it's a limited stock item, you compete against bots and most likely lose miserably.

    Have you tried to buy a GPU/PS5 or even baby formula and couldn't understand how stock ran out after 3 minutes?

    Maybe, you tried to online schedule an appointment with government services but couldn't find available spots for the next months?

    Have you ever seen your favorite artist's concert tickets - sold for 4-5X of his original price?

    Bots operators are to blame.

    Every bot user can simulate thousands of concurrent human-like web interactions.

    They will buy everything you want before you even google it, take appointment spots with government services you will pay for later, win at every online auction you attend, and fake positive reviews that will make you buy scam products.

    Even when you are asleep, there's a good chance that a bot is trying to log into one of the 200+ digital accounts you own by guessing your ridiculously - predicted password.

    Malicious automation is here to stay, serving tens of thousands of hackers and retail scalpers while driving billions of dollars worth of marketplaces.

    During my talk, we will dive deep into the fascinating architecture, business modules, and techniques top-performing account crackers and retail bots developer uses to maximize their success rate and revenue.

    If you're:
    • In the hacking community: you'll learn techniques top-performers probably won't share so they won't lose their relative advantage over you.
    • Part of the CyberSec community: this talk will trigger many research leads you probably never thought of.
    • Own E-shop - you'll learn how bots sabotage your supply, stock, client experience, and marketing analytics.
    • Sneakerhead/Gamer - get to know how your GPU/PS5/Sneakers sellers really get their stock.

    Arik's Bio

    For the last four years, Arik spent most of his time on darknet and deep web marketplaces, hunting threat intelligence and interacting with hackers under 64 identities.

    As a Threat Intelligence Researcher in PerimeterX, Arik trades cracking tools and executes multiple honeypot operations that provide valuable intelligence about web-automated attacks and their actors. Arik's research focuses primarily on retail bots, NTF bots, and account take-over vectors: brute-force and cookie infostealers.

    Previously, Arik worked as the first Threat Researcher at BrightData (Formally Luminati networks). Between 2018 and 2020, Arik was responsible for investigating, limiting, and blocking 50K$/Month+ clients that misused the Brightdata residential proxy network for cyberattacks.
    Analyzing the proxy server logs exposed him to complex fraud operations - from the attacker's perspective.

    As a proxy network gatekeeper, he investigated and enticed app-sec hackers to share their pain points, hacking mindsets, and techniques,
    information He leverages in his current role at PerimeterX when researching relevant attack groups and increasing the accuracy of the company's products.


    REFERENCES:
    • Human intelligence - discord chats/Skype video calls I had with bot developers and brutforce attackers.
    • Deep and darkweb hackers' - 46 marketplaces
    • Discord - 86 servers
    • Telegram - 200+ Channels.
    • Stolen accounts trading - 5 platforms.

    []
    Last edited by number6; June 29, 2022, 03:07.
Working...
X