Automating Cybercrime with Sentry MBA

The most commonly used attack tool for credential stuffing

Published February 2021


Sentry MBA is an automated attack tool used by cybercriminals to take over user accounts on major websites. With Sentry MBA, criminals can rapidly test millions of usernames and passwords to see which ones are valid on a targeted website. The tool has become incredibly popular — the Shape Security research team sees Sentry MBA attack attempts on nearly every website we protect.

In the past, cybercriminals had to master arcane web technologies to launch online attacks. Sentry MBA has a point-and-click graphical user interface, online help forums, and vibrant underground marketplaces to enable large numbers of individuals to become cybercriminals. These individuals no longer need advanced technical skills, specialized equipment, or insider knowledge to successfully attack major websites.

Sentry MBA features advanced capabilities that help attackers elude common web application defenses. For example, the tool can bypass preventative controls (such as IP blacklists or rate limiting) by using proxies to spread the attack across a large number of IP addresses. Sentry MBA can also bypass detective controls (such as referrer checks that ensure visitors were sent to the login page from another, expected page) by spoofing the “referer” header value.

You will have to register, or log in, in order to download this content.

Biting the hand that feeds IT © 1998–2021