
OFX: The Next Battleground

By Mayank Dhiman on Sep 12, 2017 7:10:00 PM

OFX (Open Financial Exchange) is an XML-based protocol which essentially behaves like an API and enables the exchange of financial information between interested parties. This API has been around since 1997 and is usually used to pull financial information by "aggregators" or client-side software. Common examples include QuickBooks, GnuCash, and Microsoft Money. This API sits on top of HTTP and the communications are always encrypted using TLS.


Breaking Bots : the Good, the Bad and the Unwanted

By Stealth Security Team on Sep 7, 2017 2:46:00 PM

Not all bot traffic on your website is bad. Blindly blocking all bot traffic can lead to loss of revenue and bad customer experience. Watch this talk by our CTO and Co-founder Shreyans Mehta at nginx.conf 17 and learn how to break up bots based on intent.
Topics: NGINX Events

Gigamon and Stealth Security Partner Up to Detect and Mitigate Automated Attacks and Unwanted Traffic

By Stealth Security Team on Sep 1, 2017 2:56:00 PM

Integrated with the Gigamon GigaSECURE Security Delivery Platform, Stealth Security provides the first solution to use real-time network traffic analysis, behavioral analytics, machine learning, and artificial intelligence technologies to dynamically adapt to the latest attack patterns for accurate detection and mitigation of automated attacks—with no effect on legitimate user traffic.

Topics: Partnerships

SentryMBA : Peek into the Underground Economy

By Will Glazier on Aug 9, 2017 3:33:00 PM

Credential Exploitation is a growing problem, affecting enterprises of all sizes. For those observing this problem and assessing how to combat it, some questions arise:

Who is being affected? 
How big is this problem? 
How do attackers monetize their activity?

We ventured to seek answers to these questions by delving into attacker forums in the underground of cyberspace.



By Mayank Dhiman on Aug 4, 2017 3:10:00 PM

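In our earlier post, we defined the problem of credential exploitation. This problem uses an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers reuse credentials that have been dumped elsewhere to take over accounts. We also discussed the proper defensive framework to defend against such attacks. Today's post is about cases where the problem runs deeper than traditional "credential verification" or brute-force attacks. You will also see that the same defensive framework helps defend against a wide variety of automated attacks.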


Implementing a Dynamic Sampling Strategy in Spark Streaming

By Nikunj Bansal on Jul 12, 2017 3:19:00 PM

Hi, I’m Nikunj, Principal Engineer here at Stealth Security. I’m responsible for our data processing infrastructure. Following up on the Introduction Post, today we will take a look at one of the ways to keep a 24x7 Spark Streaming application up and running. We will introduce Dynamic Sampling and how to implement a version of it.


Using Apache Spark at Stealth Security

By Nikunj Bansal on Jun 7, 2017 3:48:00 PM

Hi, I’m Nikunj and I’m a Principal Engineer here at Stealth Security. I’m responsible for our data processing infrastructure. Previously, I have spent 10+ years helping build and use data processing engines at Tibco, Informatica and MapR.


Advanced Credential Exploitation: Beyond Credential Verification Attacks

By Mayank Dhiman on May 17, 2017 3:52:00 PM

Hi, I am Mayank Dhiman, and I am the Principal Security Researcher here at Stealth Security.

In our earlier post, we defined the problem of Credential Exploitation, an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers take over accounts which are reusing credentials that have been dumped elsewhere. We also discussed the proper defensive framework to defend against such attacks. For today’s post, we’ll make the case that the problem runs deeper than traditional “credential verification” or brute-force attacks, and that the same defensive framework can help defend against a wide variety of automation-based attacks.


Credential Exploitation: A Defender’s Perspective

By Mayank Dhiman on May 3, 2017 3:35:00 PM

For today’s post, we’re classifying a new and increasingly common type of attack that our research team has been following — Credential Exploitation. Our definition of Credential Exploitation is an increasingly popular attack methodology characterized by the abuse of login credentials at scale. Specifically, it targets the Application Interfaces of Web, mobile, and API end-points. These attacks encompass the misuse of credentials for Account-Take-Over (ATO) attacks, Credential Brute-force, and abuse of API keys to take advantage of API endpoints. As the Principal Security Researcher here at Stealth Security, I’m leading a team that has carefully reviewed these attacks in volume. This is our overview of our findings regarding the source of this issue, as well as what can be done to mitigate its impact.


Web API Security: A story of authentication, God’s Eye View, and corporate espionage

By Michael Barrett on Apr 18, 2017 3:56:00 PM

Hi, Michael Barrett here, CEO and co-founder of Stealth Security.

As a security guy, I tend to think of the world through a relatively simple lens, and use mental models that have worked for our industry before. I have long suspected that we have been ignoring — or at least oversimplifying — the problem of web API security. And then, last week, there was a case-study-making announcement about the discovery of the so-called Hell application, which was allegedly used by Uber to identify Lyft driver locations as well as which drivers used both services. I am not going to comment on the allegations themselves except to note that many CISOs run into situations occasionally that make them ask (usually just to themselves) “what were they thinking?”…
