Breaking Fraud and Bot Detection Solutions

Mayank Dhiman at AppSec California 2018

Browser fingerprinting and user behavior tracking are powerful techniques used by most fraud and bot detection solutions. These are implemented as JavaScript snippets running in the user's browser. In this presentation, we'll demystify what kinds of signals these snippets collect. We'll then describe why these signals are unreliable, propose attacks against defenses relying on them, and finally show demos of POC attacks.

Mayank Dhiman serves as Stealth Security's Principal Security Researcher. His primary interests include solving problems related to online fraud and internet abuse. His current focus lies in detecting and mitigating malicious automation attacks. Previously, he worked on fraud- and abuse-related solutions at Facebook and PayPal. He is the co-author of a number of research papers and book chapters, and his work has been presented at USENIX HotSec, NDSS USEC, APWG eCrime, RSA, Botconf, Hack.lu and GreHack. He holds an MS in Computer Science from UC San Diego.