Sentry MBA Download

Sentry MBA is an automated attack tool used by cybercriminals to take
over user accounts on major websites. With Sentry MBA, criminals can
rapidly test millions of usernames and passwords to see which ones
are valid on a targeted website. The tool has become incredibly popular
— the Shape Security research team sees Sentry MBA attack attempts
on nearly every website we protect.

In the past, cybercriminals had to master arcane web technologies to
launch online attacks. Sentry MBA has a point-and-click graphical user
interface, online help forums, and vibrant underground marketplaces
to enable large numbers of individuals to become cybercriminals.
These individuals no longer need advanced technical skills, specialized
equipment, or insider knowledge to successfully attack major websites.

Sentry MBA features advanced capabilities that help attackers elude
common web application defenses. For example, the tool can bypass
preventative controls (such as IP blacklists or rate limiting) by using
proxies to spread the attack across a large number of IP addresses.
Sentry MBA can also bypass detective controls (such as referrer
checks that ensure visitors were sent to the login page from another,
expected page) by spoofing the “referer” header value.

passwords across web accounts. Verizon’s 2015 data breach report cites the use of stolen credentials as the most common attack action used against web applications today. Credential stuffing attacks are difficult to stop because they target online user interface elements — like login pages — that are open to all Internet traffic by design. In one such attack, cybercriminals using Sentry MBA targeted the stored-value card program at a large retail corporation. Automation accounted for over 91% of the traffic on the company’s login page. Even though the company had implemented established best practices for online security, online fraud losses still exceeded $25M a year.
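
The following Python code is an added example, not part of the original article or any Shape Security tooling. It shows why a per-IP failure limit misses login testing that is spread across many proxy addresses, and how a site-wide check on failure ratio and username spread still flags the same traffic. The log records, thresholds and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = []
    # Minute 0: ordinary traffic, few users, mostly successful logins.
    for i in range(20):
        events.append((i * 3, f"198.51.100.{i % 5}", f"user{i % 8}", i % 10 != 0))
    # Minute 1: 300 attempts spread over 150 proxy IPs, one try per username.
    for i in range(300):
        events.append((60 + i % 60, f"203.0.113.{i % 150}", f"leak{i}", i % 100 == 0))
    return events

def per_ip_offenders(events, window=60, limit=5):
    """Classic control: IPs with more than `limit` failures in one window."""
    fails = Counter((ts // window, ip) for ts, ip, _, ok in events if not ok)
    return sorted({ip for (_, ip), n in fails.items() if n > limit})

def stuffing_windows(events, window=60, min_attempts=100,
                     min_fail_ratio=0.9, min_user_spread=0.8):
    """Site-wide signal: many attempts, almost all failing, nearly every
    attempt for a different username. Thresholds are illustrative."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))
    flagged = []
    for w, rows in sorted(buckets.items()):
        n = len(rows)
        fail_ratio = sum(1 for _, _, ok in rows if not ok) / n
        user_spread = len({u for _, u, _ in rows}) / n
        if (n >= min_attempts and fail_ratio >= min_fail_ratio
                and user_spread >= min_user_spread):
            flagged.append({"window": w, "attempts": n,
                            "source_ips": len({ip for ip, _, _ in rows}),
                            "fail_ratio": round(fail_ratio, 3),
                            "user_spread": round(user_spread, 3)})
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    print("site-wide flags:", stuffing_windows(sample))
```

On the constructed sample, no single address exceeds the per-IP limit, while the site-wide check flags the second minute.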