Password login attacks, especially credential stuffing attacks, are still one of the most common cyberattacks on the Internet. F5 Labs and Shape Security extensively looked at the patterns and trends associated with credential stuffing in the 2021 Credential Stuffing Report.

In part 2 of this series on credential stuffing tools and techniques, we dive deeper into how attackers actually “stuff” credentials. In part 1, we explored how cyberattackers configure credential stuffing attack tools. We used OpenBullet, a common credential attack tool, as our example. In this second part, we look at how attackers use different tools, take over a mailbox, and overcome simple defenses.

Launching a Credential Stuffing Attack

Previously we showed you how attackers configure the OpenBullet credential stuffing tool. Now, attackers can try launching the attack in the tool’s Runner section, as shown in Figure 1. This is where they can choose how many bots to run at a time. They can also run attacks against multiple sites simultaneously.