[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Security Operations](https://www.paloaltonetworks.com/cyberpedia/security-operations?ts=markdown) 3. [Cyber Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) 4. [What Is Credential Stuffing?](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing?ts=markdown) Table of Contents * [What Is a Cyber Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) * [Threat Overview: Cyber Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#threat?ts=markdown) * [Cyber Attack Types at a Glance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#cyber?ts=markdown) * [Global Cyber Attack Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#global?ts=markdown) * [Cyber Attack Taxonomy](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#taxonomy?ts=markdown) * [Threat-Actor Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#landscape?ts=markdown) * [Attack Lifecycle and Methodologies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#methodologies?ts=markdown) * [Technical Deep Dives](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#technical?ts=markdown) * [Cyber Attack Case Studies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#studies?ts=markdown) * [Tools, Platforms, and Infrastructure](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#tools?ts=markdown) * [The Effect of Cyber Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#effect?ts=markdown) * [Detection, Response, and Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#detection?ts=markdown) * [Emerging Cyber Attack Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#trends?ts=markdown) * [Testing and Validation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#testing?ts=markdown) * [Metrics and Continuous Improvement](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#metrics?ts=markdown) * [Cyber Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#faqs?ts=markdown) * [What Is a Zero-Day Attack? Risks, Examples, and Prevention](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention?ts=markdown) * [Zero-Day Attacks Explained](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#explained?ts=markdown) * [Zero-Day Vulnerability vs. Zero-Day Attack vs. CVE](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#vs?ts=markdown) * [How Zero-Day Exploits Work](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#how?ts=markdown) * [Common Zero-Day Attack Vectors](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#common?ts=markdown) * [Why Zero-Day Attacks Are So Effective and Their Consequences](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#why?ts=markdown) * [How to Prevent and Mitigate Zero-Day Attacks](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#prevent?ts=markdown) * [The Role of AI in Zero-Day Defense](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#role?ts=markdown) * [Real-World Examples of Zero-Day Attacks](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#examples?ts=markdown) * [Zero-Day Attacks FAQs](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#faqs?ts=markdown) * [What Is Lateral Movement?](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) * [Why Attackers Use Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#why?ts=markdown) * [How Do Lateral Movement Attacks Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#how?ts=markdown) * [Stages of a Lateral Movement Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#stages?ts=markdown) * [Techniques Used in Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#technicques?ts=markdown) * [Detection Strategies for Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#detection?ts=markdown) * [Tools to Prevent Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#tools?ts=markdown) * [Best Practices for Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#best?ts=markdown) * [Recent Trends in Lateral Movement Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#recent?ts=markdown) * [Industry-Specific Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#industry?ts=markdown) * [Compliance and Regulatory Requirements](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#compliance?ts=markdown) * [Financial Impact and ROI Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#financial?ts=markdown) * [Common Mistakes to Avoid](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#common?ts=markdown) * [Lateral Movement FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#faqs?ts=markdown) * [What is a Botnet?](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet?ts=markdown) * [How Botnets Work](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#how?ts=markdown) * [Why are Botnets Created?](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#why?ts=markdown) * [What are Botnets Used For?](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#what?ts=markdown) * [Types of Botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#types?ts=markdown) * [Signs Your Device May Be in a Botnet](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#signs?ts=markdown) * [How to Protect Against Botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#protect?ts=markdown) * [Why Botnets Lead to Long-Term Intrusions](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#intrusions?ts=markdown) * [How To Disable a Botnet](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#disable?ts=markdown) * [Tools and Techniques for Botnet Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#tools?ts=markdown) * [Real-World Examples of Botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#examples?ts=markdown) * [Botnet FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#faqs?ts=markdown) * [What is a Payload-Based Signature?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature?ts=markdown) * [Importance of Payload-Based Signatures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#important?ts=markdown) * [How Payload-Based Signatures Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#how?ts=markdown) * [Advantages of Payload-Based Signatures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#advantages?ts=markdown) * [Use Cases of Payload-Based Signatures in Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#usecases?ts=markdown) * [Payload-Based Signatures FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#faqs?ts=markdown) * [Dark Web Leak Sites: Key Insights for Security Decision Makers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site?ts=markdown) * [Dark Web Leak Sites Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#dark?ts=markdown) * [Evolving Extortion Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#tactics?ts=markdown) * [The Role of Leak Sites in Ransomware Double Extortion](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#role?ts=markdown) * [Critical Risks Exposed by Data Leak Sites](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#critical?ts=markdown) * [Anatomy of a Dark Web Leak Site](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#anatomy?ts=markdown) * [Proactive Defense: How Organizations Can Mitigate Dark Web Leaks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#proactive?ts=markdown) * [Dark Web Leak Site FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#faqs?ts=markdown) * [What to Do If Your Organization Appears on a Dark Web Leak Site](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#appears?ts=markdown) * [What is Spyware?](https://www.paloaltonetworks.com/cyberpedia/what-is-spyware?ts=markdown) * [Cybercrime: The Underground Economy](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy?ts=markdown) * [Products](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#products?ts=markdown) * [Services](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#services?ts=markdown) * [Cybercrime FAQs](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#faqs?ts=markdown) * [What Is Cross-Site Scripting (XSS)?](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting?ts=markdown) * [XSS Explained](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#xss?ts=markdown) * [Evolution in Attack Complexity](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#evolution?ts=markdown) * [Anatomy of a Cross-Site Scripting Attack](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#anatomy?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#integration?ts=markdown) * [Widespread Exposure in the Wild](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#widespread?ts=markdown) * [Cross-Site Scripting Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#mitigation?ts=markdown) * [Response and Recovery Post XSS Attack](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#response?ts=markdown) * [Strategic Cross-Site Scripting Risk Perspective](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#strategic?ts=markdown) * [Cross-Site Scripting FAQs](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#faqs?ts=markdown) * [What Is a Dictionary Attack?](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack?ts=markdown) * [Dictionary Attack Explained](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#dictionary?ts=markdown) * [How Dictionary Attacks Work](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#how?ts=markdown) * [Dictionary Attack in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#lifecycle?ts=markdown) * [Dictionary Attack in the Real World](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#examples?ts=markdown) * [Dictionary Attack Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#indicators?ts=markdown) * [Preventing and Mitigating Dictionary Attack](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#preventing?ts=markdown) * [Attack Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#recovery?ts=markdown) * [Dictionary Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#faqs?ts=markdown) * [What Is a Credential-Based Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown) * [Credential-Based Attack Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#credential?ts=markdown) * [How Credential-Based Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#how?ts=markdown) * [Variations on Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#variations?ts=markdown) * [Preventing Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#preventing?ts=markdown) * [Credential-Based Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#faqs?ts=markdown) * [What Is a Denial of Service (DoS) Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos?ts=markdown) * [How Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#how?ts=markdown) * [Denial-of-Service in Adversary Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#denial?ts=markdown) * [Real-World Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#attacks?ts=markdown) * [Detection and Indicators of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#detection?ts=markdown) * [Prevention and Mitigation of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#prevention?ts=markdown) * [Response and Recovery from Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#response?ts=markdown) * [Operationalizing Denial-of-Service Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#defense?ts=markdown) * [DoS Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#faqs?ts=markdown) * [What Is Hacktivism?](https://www.paloaltonetworks.com/cyberpedia/hacktivism?ts=markdown) * [Hacktivism Explained](https://www.paloaltonetworks.com/cyberpedia/hacktivism#explained?ts=markdown) * [Origins and Definitions](https://www.paloaltonetworks.com/cyberpedia/hacktivism#origins?ts=markdown) * [Forms and Methods](https://www.paloaltonetworks.com/cyberpedia/hacktivism#forms?ts=markdown) * [Related Practices](https://www.paloaltonetworks.com/cyberpedia/hacktivism#related?ts=markdown) * [Who Do Hacktivists Target?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#who?ts=markdown) * [What Motivates Hacktivists?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#what?ts=markdown) * [Is Hacktivism Ethical?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#ethical?ts=markdown) * [Hacktivism FAQs](https://www.paloaltonetworks.com/cyberpedia/hacktivism#faqs?ts=markdown) * [What Is a DDoS Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) * [Threat Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#threat?ts=markdown) * [How Distributed Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#how?ts=markdown) * [DDoS in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#ddos?ts=markdown) * [Real-World DDoS Incidents and Organizational Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#impact?ts=markdown) * [DDoS Attack Detection Indicators](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#indicators?ts=markdown) * [DDoS Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#mitigation?ts=markdown) * [DDoS Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#recovery?ts=markdown) * [Distributed Denial of Service FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#faqs?ts=markdown) * [What Is CSRF (Cross-Site Request Forgery)?](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery?ts=markdown) * [CSRF Explained](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#csrf?ts=markdown) * [How Cross-Site Request Forgery Works](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#how?ts=markdown) * [Where CSRF Fits in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#where?ts=markdown) * [CSRF in Real-World Exploits](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#exploits?ts=markdown) * [Detecting CSRF Through Behavioral and Telemetry Signals](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#detecting?ts=markdown) * [Defending Against Cross-Site Request Forgery](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#defending?ts=markdown) * [Responding to a CSRF Incident](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#responding?ts=markdown) * [CSRF as a Strategic Business Risk](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#risk?ts=markdown) * [Key Priorities for CSRF Defense and Resilience](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#key?ts=markdown) * [Cross-Site Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#faqs?ts=markdown) * [What Is Spear Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing?ts=markdown) * [Spear Phishing Email Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#what?ts=markdown) * [How Does Spear Phishing Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#how?ts=markdown) * [Types of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#types?ts=markdown) * [Examples of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#examples?ts=markdown) * [How to Protect Yourself from Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#protect?ts=markdown) * [If You Fall Victim to Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#victim?ts=markdown) * [Spear Phishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#faq?ts=markdown) * [What Is Brute Force?](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) * [How Brute Force Functions as a Threat](https://www.paloaltonetworks.com/cyberpedia/brute-force#how?ts=markdown) * [How Brute Force Works in Practice](https://www.paloaltonetworks.com/cyberpedia/brute-force#practice?ts=markdown) * [Brute Force in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/brute-force#brute?ts=markdown) * [Real-World Brute Force Campaigns and Outcomes](https://www.paloaltonetworks.com/cyberpedia/brute-force#outcomes?ts=markdown) * [Detection Patterns in Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#detection?ts=markdown) * [Practical Defense Against Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#defense?ts=markdown) * [Response and Recovery After a Brute Force Incident](https://www.paloaltonetworks.com/cyberpedia/brute-force#response?ts=markdown) * [Brute Force Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/brute-force#faqs?ts=markdown) * [What is a Command and Control Attack?](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained?ts=markdown) * [How a Command and Control Attack Works](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#how?ts=markdown) * [Types of Command and Control Techniques](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#types?ts=markdown) * [Devices Targeted by C\&C](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#devices?ts=markdown) * [What Hackers Can Accomplish Through Command and Control](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#what?ts=markdown) * [Command and Control FAQs](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#faqs?ts=markdown) * [What Is an Advanced Persistent Threat?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown) * [Characteristics of Advanced Persistent Threats](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#characteristics?ts=markdown) * [What Techniques Are Used for APT Attacks?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#techniques?ts=markdown) * [What Are the Stages of an APT Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#stages?ts=markdown) * [What Is the Defense Against APT?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#defense?ts=markdown) * [Real-World Example of an APT Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#realworld?ts=markdown) * [Advanced Persistent Threat FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#faqs?ts=markdown) * [What is an Exploit Kit?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit?ts=markdown) * [Landing Page](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#landing?ts=markdown) * [Exploit](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#exploit?ts=markdown) * [Payload](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#payload?ts=markdown) * What Is Credential Stuffing? * [Credential Stuffing Explained](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#credential?ts=markdown) * [Automated Exploitation of Reused Credentials](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#automated?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#integration?ts=markdown) * [Credential Stuffing Attacks in the Real World](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#stuffing?ts=markdown) * [Responding and Recovering from Credential Stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#responding?ts=markdown) * [Credential Stuffing FAQs](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#faqs?ts=markdown) * [What Is Smishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing?ts=markdown) * [How to Spot a Smishing Attempt](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#spot-smishing-attempt?ts=markdown) * [How to Avoid Being Smished](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#avoid-being-smished?ts=markdown) * [Smishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#faqs?ts=markdown) * [What is Social Engineering?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering?ts=markdown) * [The Role of Human Psychology in Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#role?ts=markdown) * [How Has Social Engineering Evolved?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#historical?ts=markdown) * [How Does Social Engineering Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#how?ts=markdown) * [Phishing vs Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#phishing?ts=markdown) * [What is BEC (Business Email Compromise)?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#bec?ts=markdown) * [Notable Social Engineering Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#notable?ts=markdown) * [Social Engineering Prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#social?ts=markdown) * [Consequences of Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#consequences?ts=markdown) * [Social Engineering FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#faqs?ts=markdown) * [What Is a Honeypot?](https://www.paloaltonetworks.com/cyberpedia/honeypots?ts=markdown) * [Threat Overview: Honeypot](https://www.paloaltonetworks.com/cyberpedia/honeypots#threat?ts=markdown) * [Honeypot Exploitation and Manipulation Techniques](https://www.paloaltonetworks.com/cyberpedia/honeypots#honeypot?ts=markdown) * [Positioning Honeypots in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/honeypots#positioning?ts=markdown) * [Honeypots in Practice: Breaches, Deception, and Blowback](https://www.paloaltonetworks.com/cyberpedia/honeypots#blowback?ts=markdown) * [Detecting Honeypot Manipulation and Adversary Tactics](https://www.paloaltonetworks.com/cyberpedia/honeypots#tactics?ts=markdown) * [Safeguards Against Honeypot Abuse and Exposure](https://www.paloaltonetworks.com/cyberpedia/honeypots#safeguards?ts=markdown) * [Responding to Honeypot Exploitation or Compromise](https://www.paloaltonetworks.com/cyberpedia/honeypots#compromise?ts=markdown) * [Honeypot FAQs](https://www.paloaltonetworks.com/cyberpedia/honeypots#faqs?ts=markdown) * [What Is Password Spraying?](https://www.paloaltonetworks.com/cyberpedia/password-spraying?ts=markdown) * [Password Spraying Explained](https://www.paloaltonetworks.com/cyberpedia/password-spraying#password?ts=markdown) * [How Password Spraying Works](https://www.paloaltonetworks.com/cyberpedia/password-spraying#works?ts=markdown) * [Password Spraying in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/password-spraying#attack?ts=markdown) * [Real-World Examples of Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#realworld?ts=markdown) * [Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/password-spraying#detection?ts=markdown) * [Preventing and Mitigating Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#mitigating?ts=markdown) * [Responding to Password Spraying](https://www.paloaltonetworks.com/cyberpedia/password-spraying#responding?ts=markdown) * [Password Spraying FAQs](https://www.paloaltonetworks.com/cyberpedia/password-spraying#faqs?ts=markdown) * [How to Break the Cyber Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle?ts=markdown) * [1. Reconnaissance:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#reconnaissance?ts=markdown) * [2. Weaponization and Delivery:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#weaponization?ts=markdown) * [3. Exploitation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#exploitation?ts=markdown) * [4. Installation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#installation?ts=markdown) * [5. Command and Control:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#command?ts=markdown) * [6. Actions on the Objective:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#actions?ts=markdown) * [Cyber Attack Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#faqs?ts=markdown) * [What Is Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) * [Phishing Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#phishing?ts=markdown) * [The Evolution of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#?ts=markdown) * [The Anatomy of a Phishing Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#anatomy?ts=markdown) * [Why Phishing Is Difficult to Detect](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#detect?ts=markdown) * [Types of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#types?ts=markdown) * [Phishing Adversaries and Motives](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#motives?ts=markdown) * [The Psychology of Exploitation](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#psychology?ts=markdown) * [Lessons from Phishing Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#lessons?ts=markdown) * [Building a Modern Security Stack Against Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#building?ts=markdown) * [Building Organizational Immunity](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#immunity?ts=markdown) * [Phishing FAQ](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#faqs?ts=markdown) * [What Is a Rootkit?](https://www.paloaltonetworks.com/cyberpedia/rootkit?ts=markdown) * [Rootkit Classification and Technical Definition](https://www.paloaltonetworks.com/cyberpedia/rootkit#rootkit?ts=markdown) * [Types of Rootkits](https://www.paloaltonetworks.com/cyberpedia/rootkit#types?ts=markdown) * [Rootkit Installation and Execution Flow](https://www.paloaltonetworks.com/cyberpedia/rootkit#installation?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/rootkit#integration?ts=markdown) * [Cyberattacks Involving Rootkits in the News](https://www.paloaltonetworks.com/cyberpedia/rootkit#cyberattacks?ts=markdown) * [Rootkit Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/rootkit#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/rootkit#prevention?ts=markdown) * [Responding to Rootkit-Related Attacks](https://www.paloaltonetworks.com/cyberpedia/rootkit#responding?ts=markdown) * [Rootkit FAQs](https://www.paloaltonetworks.com/cyberpedia/rootkit#faqs?ts=markdown) * [Browser Cryptocurrency Mining](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining?ts=markdown) * [How It Works](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#works?ts=markdown) * [How to Defend Against It](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#defend?ts=markdown) * [Browser Cryptocurrency Mining FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#faqs?ts=markdown) * [What Is Pretexting?](https://www.paloaltonetworks.com/cyberpedia/pretexting?ts=markdown) * [Pretexting Explained](https://www.paloaltonetworks.com/cyberpedia/pretexting#pretexting?ts=markdown) * [Evolution of the Attack Technique](https://www.paloaltonetworks.com/cyberpedia/pretexting#evolution?ts=markdown) * [How Pretexting Works](https://www.paloaltonetworks.com/cyberpedia/pretexting#how?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/pretexting#integration?ts=markdown) * [Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/pretexting#examples?ts=markdown) * [Pretexting Detection Tactics in Live Environments](https://www.paloaltonetworks.com/cyberpedia/pretexting#detection?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/pretexting#mitigation?ts=markdown) * [Pretexting FAQs](https://www.paloaltonetworks.com/cyberpedia/pretexting#faqs?ts=markdown) * [What Is Cryptojacking?](https://www.paloaltonetworks.com/cyberpedia/cryptojacking?ts=markdown) * [Understanding Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#understanding?ts=markdown) * [Types of Cryptojacking and Resource Abuse Attacks](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#types?ts=markdown) * [How Cryptojacking Works](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#how?ts=markdown) * [Cryptojacking in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#chain?ts=markdown) * [Real-World Cases of Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#cases?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#prevention?ts=markdown) * [Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#response?ts=markdown) * [Cryptojacking FAQs](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#faqs?ts=markdown) # What Is Credential Stuffing? 5 min. read Table of Contents * * [Credential Stuffing Explained](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#credential?ts=markdown) * [Automated Exploitation of Reused Credentials](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#automated?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#integration?ts=markdown) * [Credential Stuffing Attacks in the Real World](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#stuffing?ts=markdown) * [Responding and Recovering from Credential Stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#responding?ts=markdown) * [Credential Stuffing FAQs](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#faqs?ts=markdown) 1. Credential Stuffing Explained * * [Credential Stuffing Explained](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#credential?ts=markdown) * [Automated Exploitation of Reused Credentials](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#automated?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#integration?ts=markdown) * [Credential Stuffing Attacks in the Real World](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#stuffing?ts=markdown) * [Responding and Recovering from Credential Stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#responding?ts=markdown) * [Credential Stuffing FAQs](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#faqs?ts=markdown) Credential stuffing is an automated attack where threat actors use stolen username-password pairs from previous breaches to gain unauthorized access to other accounts, exploiting password reuse across services at massive scale. ## Credential Stuffing Explained Credential stuffing is a high-volume, automated attack that tests stolen username-password pairs across multiple services, exploiting password reuse. It's one of the most prevalent causes of account takeovers, fraud, and API abuse --- particularly in organizations with consumer-facing portals, federated identity, or weak session intelligence. Unlike [brute-force attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown), credential stuffing uses valid credentials exposed in unrelated [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown), making it difficult to detect through traditional failed login thresholds. Attackers bypass CAPTCHAs, rotate IP addresses, and mimic human behavior using purpose-built tools. Once inside, they exploit trust to steal data, perform unauthorized transactions, or escalate to supply chain compromise. Credential stuffing exposes a fundamental weakness in the identity layer. Its low cost, high success rate, and scalability make it a strategic risk across sectors --- from retail and finance to healthcare and [SaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-saas?ts=markdown). Organizations must treat it as a systemic failure of credential-based authentication, not just a user hygiene problem. ### Credential Stuffing as an Automated Access Technique Credential stuffing is a tactic and technique used in [cyber attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) to automate the use of previously compromised username-password pairs across multiple applications and domains. It targets systems that rely on static credentials for authentication --- especially those exposed to the internet or integrated via single sign-on (SSO). In the [MITRE ATT\&CK framework](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown), credential stuffing aligns with T1110.004: [Brute Force](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) -- Credential Stuffing, under the broader tactic of Initial Access. It may also play a role in Persistence when used against session-based or token-based authentication flows. The defining characteristics of credential stuffing are scale, speed, and success rate. Attackers cycle through massive credential lists using tools that support IP rotation, CAPTCHA evasion, and advanced session handling. Once a valid login is identified, the account may be exploited directly or sold on underground markets. ### Related Terms and Context Credential stuffing is often conflated with: * **Brute-force attacks**: Trial-and-error guessing, typically against a single account. Brute force tests many passwords for one username, while credential stuffing tests one password per account --- at scale. * **Password spraying**: Attempts a small number of common passwords across many accounts to avoid lockouts. Credential stuffing uses exact matches from breach data. * **Account takeover (ATO)**: The outcome of a successful credential stuffing attempt, not the method itself. * **Credential reuse attacks**: A broader category encompassing credential stuffing as the most automated form. Many credential stuffing campaigns are powered by [botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet?ts=markdown), proxy networks, or PhaaS (Phishing-as-a-Service) kits that include credential testing capabilities as part of a larger exploitation pipeline. ### Evolution and Operational Sophistication Early credential stuffing relied on static breach dumps and simple scripts to automate login attempts. Today's campaigns are highly adaptive, often using: * **Distributed bot frameworks** that mimic real user behavior * **Session-aware testing** to navigate MFA prompts or SSO redirects * **Device fingerprinting evasion** to bypass anomaly detection * **API endpoint targeting**, where login flows may lack proper throttling or behavioral controls Attackers also shift to mobile apps, gaming platforms, or lower-visibility interfaces where identity telemetry is limited. In many sectors, credential stuffing now accounts for over 80% of login traffic during observed attack spikes. Credential stuffing is not a vulnerability in the codebase. It's a failure mode in how identity, authentication, and session management intersect under real-world user behavior and infrastructure design. Preventing it requires an architectural response. ## Automated Exploitation of Reused Credentials Credential stuffing exploits the widespread reuse of passwords across unrelated platforms. Attackers begin with credential dumps --- often sourced from breaches of third-party services --- and automate authentication attempts across a targeted application or service. The process is designed to evade traditional security controls while operating at high scale and low cost. The core technique involves one-to-one testing: one password per username per service. This avoids lockout thresholds and distributes the attack across a wide set of users. Success relies on the probability that a portion of the target population has reused the same password previously exposed in a breach. ### Technical Workflow of a Credential Stuffing Attack #### Acquire Breached Credential Data Attackers purchase or scrape large lists of leaked credentials, often found on dark web marketplaces or aggregated in public breach repositories like "Collection #1." #### Prepare Target Login Interface The attacker identifies a login endpoint or API that lacks adequate rate limiting, CAPTCHA enforcement, or session intelligence. #### Distribute Load Across Infrastructure Using proxy networks, botnets, or residential IP rotation services (e.g., Bulletproof Proxies, Selenium farms), the attacker prepares a distributed authentication assault. #### Launch Credential Testing Tools like Sentry MBA, Snipr, or custom scripts launch credential attempts. Each attempt tests a username-password pair for success, records the result, and may optionally capture the session token. #### Validate Successful Logins Accounts that successfully authenticate are triaged for resale, immediate fraud, data exfiltration, or session hijacking. #### Optional Post-Access Automation If integrated with browser automation frameworks (e.g., Puppeteer, Playwright), attackers simulate user behavior post-login --- navigating dashboards, initiating transactions, or injecting further payloads. ### Tools and Infrastructure Commonly Used Credential stuffing toolkits include: * **Sentry MBA**: One of the earliest and most widespread credential stuffing tools. Supports custom configuration files (configs) tailored to specific web applications. * **Snipr and BlackBullet**: Modern successors to Sentry MBA with GUI interfaces, CAPTCHA handling, and credential checking against APIs and JSON-based login endpoints. * **OpenBullet**: Modular, scriptable credential testing platform often used in advanced campaigns. Supports proxy chaining, logic scripting, and custom token handling. Supporting infrastructure: * **Residential proxy services**: Hide origin IPs and evade geolocation or velocity checks. * **CAPTCHA solvers**: Either human-powered or automated solvers (e.g., 2Captcha, CapMonster) bypass visual challenge mechanisms. * **Combo lists**: Curated username-password pairs, often cleaned for formatting and grouped by geography, email domain, or breach source. ### Exploited Weaknesses in Application and Identity Layers Credential stuffing does not rely on flaws in cryptography or logic. It exploits weaknesses in design assumptions and insufficient defense-in-depth: * **Lack of MFA enforcement** : Even when [MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown) is available, failure to enforce it universally creates opportunity for attackers to bypass it entirely. * **Inadequate rate limiting or IP throttling**: Applications that allow high volumes of login attempts per IP or device profile become ideal targets. * **Static authentication models**: Systems that rely on password-only login without behavioral analytics or device-based context provide no adaptive risk response. * **Credential reuse**: The most human-centric failure, reused passwords across services create a multiplier effect for every breach. [Cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) platforms are particularly exposed when login endpoints are separated from infrastructure-level controls. API-based authentication often lacks the visibility of web UI-based systems, making them easier to attack in stealth. ### Real-World Variants and Delivery Mechanisms Credential stuffing is not always overt. Modern variants include: * **Low and slow attacks**: Spread out login attempts over weeks using diverse proxies and natural user-agent strings to avoid detection. * **Mobile app targeting**: Attackers reverse-engineer authentication flows in mobile APIs where rate limiting is weaker and CAPTCHA is absent. * **SSO redirection abuse**: Applications that embed identity provider login flows can be tested indirectly if session tokens aren't tightly bound to device or IP. * **Multi-platform chaining**: A successful login on one platform is followed by immediate testing on others using the same email and password combination --- amplifying impact across banking, email, and enterprise portals. Credential stuffing has evolved into a business model. Many attackers never use compromised accounts themselves. Instead, they sell working logins --- often complete with geolocation, device fingerprint, and account metadata --- to fraud networks or [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown) operators for downstream use. ## Integration in the Attack Lifecycle ### Credential Stuffing as an Entry Strategy Credential stuffing is most often used for initial access. It's a non-invasive, high-scale tactic that leverages known-good credentials to silently test the outermost edge of an organization's identity surface --- typically through public login portals, mobile APIs, or third-party integrations. The goal is simple: find valid logins with as little noise as possible. Attackers use it early in a campaign to bypass detection, identify exposed services, and gain access without triggering alarms typically associated with vulnerability exploitation or malware delivery. In many cases, it's the first step in an operation that escalates into fraud, [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown), data theft, or an [advanced persistent threat](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown). ### Dependencies and Enabling Conditions Credential stuffing succeeds because identity surfaces remain highly exposed and structurally under-defended. Its success relies on five common conditions: * **Credential reuse**: Victims have used the same credentials across multiple services. * **Breach data availability**: Credentials have been leaked in prior breaches and are accessible via dark web marketplaces, PhaaS services, or public repositories. * **No adaptive access controls**: Applications lack behavioral analysis or device-based trust scoring. * **Inconsistent MFA coverage**: Not all accounts or interfaces enforce multi-factor authentication. * **Minimal session intelligence**: Applications fail to link login attempts to abnormal session patterns, geolocation mismatches, or timing anomalies. Attackers often begin by parsing combo lists (email and password pairs), then testing them against login endpoints in a distributed, stealthy fashion. ### Post-Access Workflow and Adversary Objectives Once access is achieved, attackers pursue one of three broad objectives: #### 1. Fraud or Financial Theft After successfully logging in, especially to retail, banking, or loyalty platforms, the attacker may: * Extract payment card data or stored PII * Initiate purchases or transfers * Harvest internal account value (e.g., gift cards, coupons) * Link new devices or create mules for cash-out operations #### 2. Lateral Movement and Privilege Escalation In enterprise environments or federated systems, attackers use stolen credentials to: * Access internal portals via [VPN](https://www.paloaltonetworks.com/cyberpedia/what-is-a-vpn?ts=markdown) or SSO * Identify adjacent systems with trust relationships * Abuse OAuth tokens, service accounts, or shared passwords * Escalate through weak [access controls](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown) or misconfigured roles Credential stuffing may be paired with [phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) to complete MFA bypass or to socially engineer access elevation. #### 3. Persistent Access and Token Abuse When used strategically, credential stuffing becomes a launchpad for token hijacking, device registration abuse, or OAuth session planting. Attackers establish long-term access by: * Capturing session cookies and JWTs * Generating refresh tokens tied to attacker-controlled devices * Registering malicious third-party apps in OAuth flows * Enabling persistent logins through "remember me" tokens In cloud-native systems, the post-stuffing pivot is often API-based. Attackers call backend APIs directly using authenticated sessions, bypassing UI controls and audit trails. ### Integration with Other Tactics Credential stuffing often connects with adjacent techniques to create layered attack chains: * **Credential stuffing + phishing** : After identifying a valid login, attackers [phish](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) for the MFA token to complete the session. * **Credential stuffing + CSRF** : In environments without [CSRF](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery?ts=markdown) protection, attackers hijack valid sessions and execute unauthorized actions silently. * **Credential stuffing + enumeration** : Attackers first verify active accounts by probing password reset [endpoints](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown), then launch stuffing attempts only on live users. * **Credential stuffing + supply chain attacks**: Attackers compromise low-value accounts in integrated third-party tools to pivot into the primary environment. Credential stuffing is not a standalone threat. It's a scalable entry point that enables highly targeted post-compromise activity with minimal friction, making it a preferred tool for APTs, [cybercrime](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy?ts=markdown) groups, and access brokers alike. ## Credential Stuffing Attacks in the Real World ### Ticketmaster (2024): Account Takeovers at Scale In early 2024, Ticketmaster disclosed a surge in fraudulent activity stemming from credential stuffing attacks against user accounts. Attackers leveraged breached credentials to gain access to stored payment methods and event tickets, which were resold through secondary markets. The incident impacted tens of thousands of customers and triggered a wave of chargebacks and customer support escalations. **Impact:** * Financial loss via ticket resale and fraudulent purchases * Brand damage and regulatory scrutiny * Costly mitigation including forced password resets and expanded MFA rollout **Relevance:** * Consumer-facing platform with stored financial assets * Exposed login API used by mobile app was less protected than web interface * Attackers rotated residential IPs and mimicked mobile app behavior to bypass velocity rules ### Canada Revenue Agency (CRA) (2020): Government Identity Fraud The Canada Revenue Agency was forced to shut down multiple services after over 11,000 user accounts were compromised via credential stuffing. Attackers used login credentials obtained from unrelated breaches to access tax and COVID-19 benefit portals. **Impact:** * National disruption of tax services * Identity fraud related to government benefits * Public loss of trust in digital service integrity **Relevance:** * High-value targets with government-issued credentials * Limited MFA coverage at the time * Detection delayed due to distributed login attempts across multiple services ### Robinhood (2022): Credential Stuffing Plus MFA Fatigue In a coordinated campaign, attackers used credential stuffing in conjunction with MFA push fatigue to compromise a subset of Robinhood accounts. Victims received multiple MFA prompts, some of which were eventually accepted under pressure. Account access allowed unauthorized trades and withdrawal attempts. **Impact:** * Financial fraud targeting individual retail investors * Increased scrutiny of MFA usability and bypass vectors * Highlighted gap between authentication strength and user behavior **Relevance:** * Financial services platform with high attack surface * Credential reuse across trading, banking, and email * Underscored need for phishing-resistant MFA methods like FIDO2 ### Metric Snapshot: Industry-Wide Exposure Credential stuffing remains one of the most prevalent forms of automated abuse, with the following metrics illustrating its scope: * **Over 80%** of login traffic during attack spikes in large SaaS platforms is automated credential testing (source: Akamai, 2023) * **1 in 4 users** reused passwords across multiple services as of 2023 (source: Verizon DBIR) * **Billions** of credentials from breaches are available across public and private combo list markets * Average time-to-detection for successful credential stuffing is over **72 hours**, allowing ample window for token harvesting and lateral movement ### Industry-Specific Vulnerability * **Retail and e-commerce**: Frequently targeted due to stored payment methods and weak identity controls across mobile and guest checkout interfaces * **Finance and fintech**: High-value assets attract layered attacks combining credential stuffing with phishing and device spoofing * **Healthcare**: Patient portals often lag in MFA adoption and are vulnerable to account-based access to sensitive data * **SaaS platforms**: Federated identity and broad API exposure increase the attack surface across user, admin, and integration layers Credential stuffing is a primary attack vector with documented operational impact across sectors. Organizations that rely on passwords alone aren't defending against a potential compromise. They're accepting an inevitable one. ## Responding and Recovering from Credential Stuffing ### Immediate Containment and Access Control When credential stuffing is detected, response must focus on rapid containment of active sessions and protection of downstream systems. Because attackers often possess valid credentials, traditional perimeter defenses are ineffective post-compromise. Primary containment actions: * **Force password resets**: Immediately invalidate credentials for accounts confirmed or suspected to be compromised. Prioritize based on login anomalies or source IP clusters. * **Revoke session tokens**: Terminate active sessions associated with malicious logins, especially if they involve elevated permissions or sensitive workflows. * **Throttle authentication endpoints**: Apply strict rate limits, user-agent filters, and geofencing on login APIs to stem the flood of requests while maintaining service for legitimate users. * **Block offending infrastructure**: Blacklist known botnet IPs, proxy networks, or automated tool signatures used during the attack window. Containment must be surgical, not reactive. Overly aggressive responses can lock out legitimate users or overload support teams. ### Eradication and Workflow Cleanup Credential stuffing campaigns rarely stop with a login. Once an attacker gains access, follow-on activity such as token generation, data export, or integration abuse is common. Eradication must focus on identifying and neutralizing that activity. Steps to remove attacker footholds: * **Audit API tokens and refresh grants**: Identify tokens generated during the compromise period and revoke them selectively or globally. * **Investigate downstream actions**: Review logs for sensitive actions post-login, such as password changes, payment modifications, or data exports. * **Purge malicious integrations**: If OAuth or third-party app permissions were granted during the attack, revoke them and audit scopes. * **Harden authentication flows**: Immediately enforce MFA for all users, including internal, if it was previously optional. Credential stuffing rarely involves [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) or code injection. Eradication depends on identity-layer visibility and precise session telemetry --- not forensic disk analysis. ### Internal and External Communication Because credential stuffing often uses breach data from other platforms, organizations may be reluctant to notify affected users. That hesitation can undermine trust and delay downstream containment. Communication best practices: * **Notify users with specific guidance**: Don't just tell users to change passwords. Instruct them on detecting account misuse, reviewing sessions, and enabling MFA. * **Acknowledge scope and origin clearly**: Clarify that the breach source may be external, but the threat is internal to the platform. * **Engage legal and compliance** : Evaluate whether credential-based access led to regulatory exposure (e.g., [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown) Article 33), especially if [PII](https://www.paloaltonetworks.com/cyberpedia/pii?ts=markdown) was accessed. * **Coordinate support teams**: Prepare for a surge in password reset requests, identity verification challenges, and reputational management. Proactive, informed messaging prevents misinformation and helps users understand their role in post-breach remediation. ### Cross-Functional Teams and Tools Credential stuffing spans identity, application, and fraud domains. Effective response demands cross-functional alignment across technical and operational teams. Key stakeholders: * [**Security Operations Center (SOC)**](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown): Detects and investigates credential anomalies across SIEM and [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR?ts=markdown) platforms. * [**Identity and Access Management (IAM)**](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown): Enforces session revocation, MFA deployment, and token audits. * **[AppSec](https://www.paloaltonetworks.com/cyberpedia/appsec-application-security?ts=markdown) and [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown)**: Implements rate limiting, CAPTCHA challenges, and endpoint telemetry enhancements. * **Fraud and risk teams**: Analyze behavior post-authentication to assess potential business impact. Tooling priorities: * [SIEMs](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) and behavioral analytics for login anomaly detection * Identity providers (IdPs) with session control and MFA visibility * [Web application firewalls (WAFs)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-web-application-firewall?ts=markdown) with bot mitigation and geo throttling * [API gateways](https://www.paloaltonetworks.com/cyberpedia/what-is-api-gateway?ts=markdown) for token tracking and client fingerprinting ### Post-Mortem and Strategic Hardening Recovery is not complete until the conditions that allowed the attack are eliminated. A structured post-mortem clarifies not just what happened, but why it succeeded. Hardening recommendations: * **Audit MFA coverage**: Ensure all user classes, interfaces, and devices are protected with phishing-resistant MFA. * **Enable adaptive authentication**: Deploy risk-based access scoring, behavioral baselines, and device trust evaluations. * **Refresh credential hygiene policies**: Enforce periodic password rotation and implement credential checks against breach corpuses (e.g., Have I Been Pwned integration). * **Strengthen session telemetry**: Capture login metadata (IP, device, geolocation, timing) to train future detection models. * **Rehearse credential stuffing scenarios**: Integrate simulated attacks into incident response tabletop exercises and red team operations. Credential stuffing is not a one-time incident. It's an ongoing risk that evolves alongside breach data availability and automation tools. Response must evolve in parallel --- with [zero trust](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown) at the identity layer and continuous detection at every session boundary. ## Credential Stuffing FAQs ### What Is a Combo List? A combo list is a compiled database of usernames or email addresses paired with plaintext or hashed passwords, typically obtained from multiple breached sources. These lists are cleaned, normalized, and formatted for automated tools used in credential stuffing attacks. They're traded or sold on underground forums and optimized to maximize hit rates across platforms with weak authentication defenses. ### What Is OpenBullet? OpenBullet is a widely used credential stuffing framework that allows attackers to automate login attempts against web applications and APIs. It supports customizable configs to bypass login logic, integrate proxies, solve CAPTCHAs, and parse response data. OpenBullet is modular, scriptable, and often used in attacks against e-commerce, financial, and cloud service platforms. ### What Is Password Spraying? Password spraying is a brute-force technique in which attackers try a few commonly used passwords (e.g., "123456", "Winter2024!") across a large number of user accounts. Unlike credential stuffing, which uses known credential pairs, password spraying spreads login attempts to avoid lockouts and is often used against corporate Active Directory or VPN portals. ### What is MFA fatigue? MFA fatigue, or push bombing, is a social engineering technique where attackers trigger repeated multi-factor authentication prompts to the target's device, hoping they will eventually approve one out of annoyance or confusion. When used after credential stuffing, it can allow attackers to bypass second-factor protections and gain full session access. ### What is device fingerprinting? Device fingerprinting is a method of uniquely identifying client devices based on attributes such as browser type, OS version, installed fonts, screen resolution, and other telemetry. Security platforms use it to detect anomalies, enforce adaptive access policies, and detect credential stuffing bots that rotate IPs but reuse browser fingerprints or automation artifacts. Related content [Access Incident Insights Discover the latest threat actor tactics and get real-world insights and expert recommendations to safeguard your organization better.](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) [IDC 2025 MarketScape Leader for Worldwide IR Services. See why IDC MarketScape recognized us.](http://start.paloaltonetworks.com/idc-incident-response-marketscape-2025) [Credential-Based Attacks Research Learn how Unit 42 details the ecosystem behind how adversaries steal and leverage legitimate credentials to break in and move laterally within organizations.](https://www.paloaltonetworks.com/resources/research/unit-42-credential-based-attacks?ts=markdown) [Defend Against Cyber Attacks: Silence the SecOps Noise Learn how to simplify threats, data, devices, tools and complexity of cyber attacks with the AI-driven intelligence of XSIAM](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Credential%20Stuffing%3F&body=Credential%20stuffing%20is%20a%20leading%20cause%20of%20account%20takeover.%20This%20guide%20details%20the%20tactics%2C%20risks%2C%20and%20defenses%20organizations%20need%20to%20prevent%20automated%20identity-based%20attacks.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/credential-stuffing) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit?ts=markdown) What is an Exploit Kit? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing?ts=markdown) What Is Smishing? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language