5 Minute Hacks: Credential Stuffing скачать в хорошем качестве

5 Minute Hacks: Credential Stuffing

Welcome to Five Minute Hacks! Today, we delve into the world of "credential stuffing", a common attack technique, and show you how to test your environment for such vulnerabilities using the open-source tool nuclei. We walk you through a real-world scenario of using nuclei to check a self-hosted GitLab server for common username and password combinations. We also demonstrate two effective methods of credential stuffing— 'pitchfork' and 'cluster bomb'. Finally, we touch on some protective measures to guard your organization against such attacks. We believe that with the right knowledge and tools, you can fortify your cybersecurity defenses effectively! Learn more about Credential Stuffing here: https://nux.gg/cred-stuffing-blog Like, share, subscribe for more! Happy hacking! ______________________________________________________ 🔗 Links All tools are on GitHub: https://nux.gg/github Discord: https://nux.gg/discord Twitter: https://nux.gg/twitter #projectdiscovery #credentialstuffing #hacking #oss #bugbounty #pentesting Subscribe:    / @projectdiscovery   ______________________________________________________ Learn more: Website: https://projectdiscovery.io/ GitHub: https://github.com/projectdiscovery Discord:   / discord   LinkedIn:   / projectdiscovery   ______________________________________________________ About ProjectDiscovery: When we started, our goal was to make vulnerability detection a very fast and collaborative process. With more than 1,000 contributors, we've grown from a small project into a robust vulnerability automation framework. We now have over 50 million monthly scans from active users in over 100 countries. Empowering many of the top enterprises in their regular vulnerability workflows. We're excited to announce that we are expanding this offering with enterprise-grade SaaS capabilities. We aim to make automation and collaboration even easier, so you can run it on scale without additional tooling. ______________________________________________________ 00:00 Introduction 00:30 What is Credential Stuffing? 01:30 Nuclei Template for Credential Stuffing 02:30 Testing Known Usernames and Passwords 03:18 Testing Large List of Usernames and Passwords 04:15 Protecting Against Credential Stuffing Attacks 04:48 Conclusion and Outro