


Credential stuffing is no longer the noisy, easily blocked brute-force attack it once was. In this episode of Cybersecurity, the hosts draw on this six-minute deep dive into evolving credential stuffing defenses to map exactly how attackers have refined their tradecraft — and why organizations that haven't updated their mental model of this threat are already behind. From underground combo-list economies to headless browser farms that mimic human behavior, the episode makes a compelling case that this is one of the most persistently underestimated attack categories in enterprise security today.
Here's what the episode covers:
The episode closes with a strategic reminder that no single control has an indefinite shelf life: red-teaming your own login flows, rotating mitigation providers before entropy sets in, and keeping user education current are all ongoing commitments, not one-time projects. For more on attacker persistence techniques, check out the episode Covert Persistence via Scheduled Task Abuse for a complementary look at how adversaries maintain footholds after initial access.
SEC
By Eric Lamanna