Automated Account Takeover - The Rise of Single Request Attacks
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the rise of single request attacks in account takeovers through this 49-minute conference talk from AppSecCali 2019. Delve into real-world case studies showcasing how attackers scale automated account takeovers using sophisticated techniques like headless browsers, JavaScript execution, and dynamic fingerprinting. Examine the limitations of traditional mitigation strategies and understand the growing incentives for attackers across various industries. Learn about tested pathways for preventing and mitigating single request attacks, and gain insights from Kevin Gosschalk, Founder and CEO of Arkose Labs, on distinguishing between computers and humans on the Internet. Cover topics including eye nerve mapping, the Kinect, fingerprinting, ITIN telemetry, photo image challenges, and specific examples from industries such as ticketing, gift cards, and credit cards.
Syllabus
Intro
Eye Nerve Mapping
The Kinect
Single Request Attacks
Account Takeover
Have I IB
What about the fingerprint
ITIN telemetry
Recapture
Photo Image Challenge
Single Request Attack Example
Who is ACDC
Ticket Inventory
Ticketnet
Gift Cards
Credit Cards
Story Time
The Software
Pokemon Go
Death Master File
How do we stop ATO
Taught by
OWASP Foundation