<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>Peakhour.IO - Threat Detection</title><link>https://www.peakhour.io/</link><description></description><lastBuildDate>Sun, 26 Jul 2026 09:00:00 +1000</lastBuildDate><item><title>Two Lineages of TLS Fingerprinting: JA3, JA4 and Cisco Mercury</title><link>https://www.peakhour.io/blog/two-lineages-tls-fingerprinting/</link><description>&lt;p&gt;JA4 did not descend from Cisco Mercury. The two projects come from different strands of TLS fingerprinting research and solve different operational problems.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Sun, 26 Jul 2026 09:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2026-07-26:/blog/two-lineages-tls-fingerprinting/</guid><category>Security</category><category>TLS Fingerprinting</category><category>JA3</category><category>JA4</category><category>Cisco Mercury</category><category>Network Fingerprinting</category><category>Threat Detection</category></item><item><title>API Bot Abuse Does Not Stay in One Endpoint</title><link>https://www.peakhour.io/blog/api-bot-abuse-login-checkout-account-journeys/</link><description>&lt;p&gt;API bot abuse moves across login, checkout, and account journeys. Defenders need route-aware bot, rate, and account controls that follow the campaign rather than treating each endpoint as a separate incident.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 19 Jun 2026 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2026-06-19:/blog/api-bot-abuse-login-checkout-account-journeys/</guid><category>API Security</category><category>API Bot Protection</category><category>Bot Management</category><category>Account Protection</category><category>Rate Limiting</category><category>API Security</category><category>Threat Detection</category></item><item><title>API Protection and Account Protection Are One Request-Path Problem</title><link>https://www.peakhour.io/blog/api-protection-account-protection-request-path/</link><description>&lt;p&gt;Account protection does not stop at the login form. The same request path carries API, bot, rate, token, and account-risk evidence, and that is where the decision needs to happen.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 19 Jun 2026 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2026-06-19:/blog/api-protection-account-protection-request-path/</guid><category>API Security</category><category>API Security</category><category>Account Protection</category><category>Bot Management</category><category>Rate Limiting</category><category>Threat Detection</category><category>Fraud Prevention</category></item><item><title>How Residential Proxies Changed API and Account Abuse</title><link>https://www.peakhour.io/blog/residential-proxies-api-account-abuse/</link><description>&lt;p&gt;Residential proxies have changed account abuse from obvious bursts into distributed, low-noise workflows across login, account, and API routes. Treat proxy use as a risk signal, not a blunt block rule.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 19 Jun 2026 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2026-06-19:/blog/residential-proxies-api-account-abuse/</guid><category>API Security</category><category>API Security</category><category>Account Protection</category><category>Residential Proxies</category><category>Bot Management</category><category>Rate Limiting</category><category>Threat Detection</category></item><item><title>Shadow APIs Are Account-Abuse Paths</title><link>https://www.peakhour.io/blog/shadow-apis-account-abuse/</link><description>&lt;p&gt;Shadow APIs matter because attackers do not care whether a route is documented. Mobile, partner, browser-backed, and legacy APIs can all become account-abuse paths when they remain outside normal controls.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 19 Jun 2026 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2026-06-19:/blog/shadow-apis-account-abuse/</guid><category>API Security</category><category>API Security</category><category>Shadow APIs</category><category>Account Protection</category><category>Bot Management</category><category>Threat Detection</category><category>DevSecOps</category></item><item><title>Agentic AI vs. Your API</title><link>https://www.peakhour.io/blog/agentic-ai-vs-your-api/</link><description>&lt;p&gt;Understand the shift from scripted bots to reasoning AI agents and how to adapt your security strategy for this new reality.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 01 Sep 2025 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-09-01:/blog/agentic-ai-vs-your-api/</guid><category>AI</category><category>Bot Management</category><category>API Security</category><category>Threat Detection</category><category>DevSecOps</category><category>Machine Learning</category><category>Credential Stuffing</category></item><item><title>Anatomy of a Credential Stuffing Attack</title><link>https://www.peakhour.io/blog/anatomy-of-a-credential-stuffing-attack/</link><description>&lt;p&gt;A deep dive into how credential stuffing attacks work, the tools used, and how to build a multi-layered defense.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 01 Sep 2025 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-09-01:/blog/anatomy-of-a-credential-stuffing-attack/</guid><category>Security</category><category>Credential Stuffing</category><category>Account Protection</category><category>Fraud Prevention</category><category>Residential Proxies</category><category>DNS</category><category>Threat Detection</category></item><item><title>Key Considerations for Effective Bot Management</title><link>https://www.peakhour.io/blog/key-considerations-effective-bot-management/</link><description>&lt;p&gt;With nearly half of all internet traffic being automated, a robust bot management strategy is essential. This article explores the key considerations for effective bot detection, classification, and response in the face of evolving threats.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 01 Sep 2025 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-09-01:/blog/key-considerations-effective-bot-management/</guid><category>Bots</category><category>Bot Management</category><category>Threat Detection</category><category>API Security</category><category>Residential Proxies</category><category>Credential Stuffing</category><category>Account Protection</category></item><item><title>The Bot Spectrum</title><link>https://www.peakhour.io/blog/the-bot-spectrum-good-bad-grey-bots/</link><description>&lt;p&gt;Learn to classify bots into good, bad, and grey categories and apply the right management strategy for each.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 01 Sep 2025 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-09-01:/blog/the-bot-spectrum-good-bad-grey-bots/</guid><category>Bots</category><category>Bot Management</category><category>API Security</category><category>Threat Detection</category><category>DDoS</category><category>Residential Proxies</category><category>Rate Limiting</category></item><item><title>How to Use Bot Management for IAM Use Cases</title><link>https://www.peakhour.io/blog/bot-management-for-iam-use-cases/</link><description>&lt;p&gt;Bots are part of account takeover, fraud, scraping, and other abuse. Identity and access management leaders need a clear business case for bot management, or their organisations face avoidable account takeover losses and will be less prepared for the risks introduced when customers use AI agents.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 20 Aug 2025 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-08-20:/blog/bot-management-for-iam-use-cases/</guid><category>Security</category><category>Bot Management</category><category>Account Protection</category><category>Credential Stuffing</category><category>API Security</category><category>Threat Detection</category><category>Fraud Prevention</category></item><item><title>Protecting Against a Share Point Zero Day Vulnerability with Network Fingerprinting</title><link>https://www.peakhour.io/blog/protecting-against-share-point-zero-day/</link><description>&lt;p&gt;Analysis of attempts to exploit a recent Share Point zero day vulnerability reveal network fingerprinting and classification is a robust defense.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Jul 2025 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-07-23:/blog/protecting-against-share-point-zero-day/</guid><category>Security</category><category>Threat Detection</category><category>Credential Stuffing</category><category>Account Protection</category><category>DevSecOps</category><category>DDoS</category><category>Application Security</category></item><item><title>Why We Can't Trust IP Addresses</title><link>https://www.peakhour.io/blog/residential-proxies-trust-issues/</link><description>&lt;p&gt;The proliferation of residential proxy networks has undermined traditional IP-based security, enabling attackers to bypass protection measures while appearing as legitimate users.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Tue, 11 Mar 2025 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-03-11:/blog/residential-proxies-trust-issues/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>DDoS</category><category>Credential Stuffing</category><category>DNS</category><category>Threat Detection</category><category>Account Protection</category></item><item><title>How AI Agents Are Writing Custom Exploits</title><link>https://www.peakhour.io/blog/ai-agents-custom-exploits/</link><description>&lt;p&gt;AI agents with reasoning capabilities like DeepSeek are revolutionizing exploit development, marking the end of traditional security approaches based on static rules and patterns.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 17 Feb 2025 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-02-17:/blog/ai-agents-custom-exploits/</guid><category>Security</category><category>Application Security</category><category>Threat Detection</category><category>DevSecOps</category><category>Bot Management</category><category>API Security</category><category>DDoS</category></item><item><title>Data-Driven Risk Management</title><link>https://www.peakhour.io/blog/data-driven-risk-management-contextual-security/</link><description>&lt;p&gt;How Peakhour's contextual security aligns with Visa's data-driven risk management approach in the 2025-2028 Security Roadmap.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 07 Feb 2025 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-02-07:/blog/data-driven-risk-management-contextual-security/</guid><category>Account Protection</category><category>Account Protection</category><category>Application Security</category><category>Credential Stuffing</category><category>API Security</category><category>Threat Detection</category><category>PCI DSS</category></item><item><title>Did Residential Proxies enable a $600 Billion loss?</title><link>https://www.peakhour.io/blog/residential-proxies-deepseek/</link><description>&lt;p&gt;How residential proxy networks may have enabled DeepSeek to bypass AI platform protections, leading to Nvidia's historic market value loss&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 31 Jan 2025 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-01-31:/blog/residential-proxies-deepseek/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>CDN</category><category>Bot Management</category><category>Machine Learning</category><category>API Security</category><category>Threat Detection</category></item><item><title>Preventing Enumeration Attacks</title><link>https://www.peakhour.io/blog/preventing-enumeration-attacks-visa-roadmap/</link><description>&lt;p&gt;An analysis of how Peakhour's solutions help prevent enumeration attacks, aligning with Visa's Security Roadmap 2025-2028 priorities.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 24 Jan 2025 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-01-24:/blog/preventing-enumeration-attacks-visa-roadmap/</guid><category>Security</category><category>Account Protection</category><category>Credential Stuffing</category><category>PCI DSS</category><category>API Security</category><category>Fraud Prevention</category><category>Threat Detection</category></item><item><title>How MTU Fingerprinting Identifies VPNs and Mobile Users</title><link>https://www.peakhour.io/blog/mtu-fingerprinting-vpn-mobile-detection/</link><description>&lt;p&gt;Learn how MTU fingerprinting reveals VPN usage, mobile connections, and network technologies through TCP handshake analysis. Discover practical SQL techniques for dynamic network intelligence.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 15 Jan 2025 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-01-15:/blog/mtu-fingerprinting-vpn-mobile-detection/</guid><category>Bots</category><category>Threat Detection</category><category>Fingerprinting</category><category>Networking</category><category>Residential Proxies</category><category>TLS Fingerprinting</category><category>DDoS</category></item><item><title>Anti-Detect Browsers</title><link>https://www.peakhour.io/blog/anti-detect-browsers-application-security-threat/</link><description>&lt;p&gt;Anti-detect browsers represent one of the most sophisticated threats facing modern web applications and APIs. Learn how these tools work, why they pose a significant threat to application security, and how modern security platforms can detect and mitigate their use.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 15 Jan 2025 10:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-01-15:/blog/anti-detect-browsers-application-security-threat/</guid><category>Bots</category><category>Bot Management</category><category>Threat Detection</category><category>Application Security</category><category>Browser Fingerprinting</category><category>Fingerprinting</category><category>DevSecOps</category></item><item><title>Residential Proxies - The Growing Threat to Ad Campaigns</title><link>https://www.peakhour.io/blog/residential-proxy-ad-fraud/</link><description>&lt;p&gt;Learn how distributed bot networks using residential IPs are evolving to evade traditional fraud detection&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 30 Dec 2024 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-12-30:/blog/residential-proxy-ad-fraud/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>Bot Management</category><category>Threat Detection</category><category>Fraud Prevention</category><category>Credential Stuffing</category><category>DDoS</category></item><item><title>Next-Generation Application Security Defence Strategies</title><link>https://www.peakhour.io/blog/ai-powered-cyber-threats-application-security-defence/</link><description>&lt;p&gt;Comprehensive analysis of AI-powered cyber threats and how modern application security platforms defend against machine learning-driven attacks. Learn advanced defence strategies for the AI cybersecurity arms race.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 15 Nov 2024 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-11-15:/blog/ai-powered-cyber-threats-application-security-defence/</guid><category>Security</category><category>Threat Detection</category><category>Machine Learning</category><category>DevSecOps</category><category>Bot Management</category><category>DDoS</category><category>Application Security</category></item><item><title>Your Anti-Fraud Residential Proxy Detection Sucks</title><link>https://www.peakhour.io/blog/anti-fraud-residential-proxy-detection/</link><description>&lt;p&gt;Your anti fraud IP Intelligence service is no longer fit for purpose. Learn about the challenges in detecting residential proxies and why traditional methods don't work.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 04 Oct 2024 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-10-04:/blog/anti-fraud-residential-proxy-detection/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>Fraud Prevention</category><category>Threat Detection</category><category>Credential Stuffing</category><category>DNS</category><category>Account Protection</category></item><item><title>The Australian epidemic of Account Takeover attacks</title><link>https://www.peakhour.io/blog/credential-stuffing-threat-australian-businesses/</link><description>&lt;p&gt;An in-depth look at the growing threat of credential stuffing attacks on Australian businesses, including recent case studies, defense challenges, and practical recommendations.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 29 Jul 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-07-29:/blog/credential-stuffing-threat-australian-businesses/</guid><category>Account Protection</category><category>Account Protection</category><category>Credential Stuffing</category><category>Fraud Prevention</category><category>Residential Proxies</category><category>Threat Detection</category><category>DNS</category></item><item><title>The Challenge of Proxy Detection</title><link>https://www.peakhour.io/blog/proxy-detection-challenges-existing-solutions/</link><description>&lt;p&gt;Examine why current security solutions fail to detect and mitigate threats from residential proxies, and the need for comprehensive protection strategies.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 19 Jul 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-07-19:/blog/proxy-detection-challenges-existing-solutions/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>Bot Management</category><category>Credential Stuffing</category><category>Account Protection</category><category>API Security</category><category>Threat Detection</category></item><item><title>Quantifying The Residential Proxy Threat</title><link>https://www.peakhour.io/blog/residential-proxy-detection-quantifying-hidden-threat/</link><description>&lt;p&gt;Explore the complexities of residential proxy detection and its impact on organisational risk, with a focus on quantifying the threat and reframing security approaches.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Thu, 18 Jul 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-07-18:/blog/residential-proxy-detection-quantifying-hidden-threat/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>Threat Detection</category><category>Credential Stuffing</category><category>Account Protection</category><category>DDoS</category><category>Bot Management</category></item><item><title>Application Security Beyond MFA</title><link>https://www.peakhour.io/blog/why-mfa-is-an-incomplete-defence/</link><description>&lt;p&gt;MFA helps, but it does not stop social engineering, residential proxy abuse, credential stuffing, or session risk on its own.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 15 Jul 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-07-15:/blog/why-mfa-is-an-incomplete-defence/</guid><category>Account Protection</category><category>Account Protection</category><category>Credential Stuffing</category><category>Bot Management</category><category>API Security</category><category>Residential Proxies</category><category>Threat Detection</category></item><item><title>Addressing Key Cloud Security Categories</title><link>https://www.peakhour.io/blog/peakhour-cloud-security-post-wiz/</link><description>&lt;p&gt;An analysis of Peakhour's role in addressing key cloud security categories identified in recent industry analysis, demonstrating its comprehensive approach to modern cloud security challenges.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 01 May 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-05-01:/blog/peakhour-cloud-security-post-wiz/</guid><category>Security</category><category>API Security</category><category>Threat Detection</category><category>Account Protection</category><category>DevSecOps</category><category>Application Security</category><category>CDN</category></item><item><title>Managing Breached Credential Usage</title><link>https://www.peakhour.io/blog/breached-credentials-protection-application-security-platform/</link><description>&lt;p&gt;How breached credential checks and risk signals help detect credential stuffing without adding unnecessary login friction.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 15 Mar 2024 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-03-15:/blog/breached-credentials-protection-application-security-platform/</guid><category>Account Protection</category><category>Credential Stuffing</category><category>Account Protection</category><category>DevSecOps</category><category>Application Security</category><category>Threat Detection</category><category>API Security</category></item><item><title>Rate Limiting for API Security</title><link>https://www.peakhour.io/blog/introducing-advanced-rate-limiting/</link><description>&lt;p&gt;How advanced rate limiting protects modern applications and APIs from sophisticated threats including proxy networks, distributed attacks, and automated abuse in enterprise security environments.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 24 Jan 2024 13:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-01-24:/blog/introducing-advanced-rate-limiting/</guid><category>Application Security</category><category>Rate Limiting</category><category>API Security</category><category>DDoS</category><category>Residential Proxies</category><category>Bot Management</category><category>Threat Detection</category></item><item><title>Dive into CVSS Scores</title><link>https://www.peakhour.io/blog/confluence-cvss-vectors/</link><description>&lt;p&gt;Understand CVSS by examining the Atlassian CVE-2023-22515 and CVE-2023-22518.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 10 Nov 2023 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-11-10:/blog/confluence-cvss-vectors/</guid><category>Interest</category><category>Threat Detection</category><category>DevSecOps</category><category>Application Security</category><category>Anomaly Detection</category><category>Credential Stuffing</category><category>Core Web Vitals</category></item><item><title>A Risk Based Approach To Vulnerability Scoring</title><link>https://www.peakhour.io/blog/epss-explained/</link><description>&lt;p&gt;An in-depth exploration of EPSS, its data-driven approach to assessing cybersecurity threats, and how it complements CVSS.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 10 Nov 2023 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-11-10:/blog/epss-explained/</guid><category>Interest</category><category>Threat Detection</category><category>Application Security</category><category>DevSecOps</category><category>Anomaly Detection</category><category>DDoS</category><category>Credential Stuffing</category></item><item><title>A Tale Of Two Scoring Systems</title><link>https://www.peakhour.io/blog/a-tale-of-two-scoring-systems-and-atlassian-confluence/</link><description>&lt;p&gt;Reviewing the CVSS an EPSS CVE scoring systems in light of the Atlassian Confluence-Aggedon&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 08 Nov 2023 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-11-08:/blog/a-tale-of-two-scoring-systems-and-atlassian-confluence/</guid><category>Security</category><category>Credential Stuffing</category><category>Threat Detection</category><category>Account Protection</category><category>DevSecOps</category><category>SOC 2</category></item><item><title>JA4 and JA4+ Network Fingerprinting</title><link>https://www.peakhour.io/blog/overview-of-ja4-network-fingerprinting/</link><description>&lt;p&gt;How JA4 constructs a TLS client fingerprint, what JA4+ names, and which details sorting and hashing discard.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 25 Oct 2023 13:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-10-25:/blog/overview-of-ja4-network-fingerprinting/</guid><category>Security</category><category>TLS Fingerprinting</category><category>Fingerprinting</category><category>Browser Fingerprinting</category><category>TLS</category><category>SOC 2</category><category>Threat Detection</category></item><item><title>ModSecurity’s End-of-Life</title><link>https://www.peakhour.io/blog/modsecurity-eol-modern-application-security-platforms/</link><description>&lt;p&gt;ModSecurity's end-of-life marks a pivotal moment in application security evolution. Discover how modern Application Security Platforms are advancing beyond traditional WAF approaches to provide comprehensive protection for web applications and APIs at the edge.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 16 Oct 2023 13:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-10-16:/blog/modsecurity-eol-modern-application-security-platforms/</guid><category>Security</category><category>Application Security</category><category>DevSecOps</category><category>API Security</category><category>DDoS</category><category>Threat Detection</category><category>SOC 2</category></item><item><title>APRA Cybersecurity Guidelines</title><link>https://www.peakhour.io/blog/apra-cybersecurity-application-security-financial-services/</link><description>&lt;p&gt;Comprehensive guide to APRA cybersecurity requirements for Australian financial institutions. Learn how application security platforms help meet CPS 234 compliance and Information Security Manual guidelines for protecting financial services infrastructure.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Thu, 12 Oct 2023 12:31:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-10-12:/blog/apra-cybersecurity-application-security-financial-services/</guid><category>Financial Services Security</category><category>Compliance</category><category>Account Protection</category><category>Application Security</category><category>Threat Detection</category><category>GDPR</category><category>PCI DSS</category></item><item><title>Understanding the HTTP/2 Rapid Reset Attack</title><link>https://www.peakhour.io/blog/http-rapid-reset-attack/</link><description>&lt;p&gt;A comprehensive breakdown of the HTTP/2 Rapid Reset flaw and guidance on bolstering defences against potential DDoS attacks.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 11 Oct 2023 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-10-11:/blog/http-rapid-reset-attack/</guid><category>Security</category><category>DDoS</category><category>Rate Limiting</category><category>DNS</category><category>API Security</category><category>Bot Management</category><category>Threat Detection</category></item><item><title>The Rise of OpenBullet</title><link>https://www.peakhour.io/blog/the-rise-of-openbullet/</link><description>&lt;p&gt;A comprehensive look at OpenBullet, its capabilities, and the implications for cybersecurity in the face of its misuse.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 01 Sep 2023 14:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-09-01:/blog/the-rise-of-openbullet/</guid><category>Security</category><category>Bot Management</category><category>Application Security</category><category>DevSecOps</category><category>Account Protection</category><category>Credential Stuffing</category><category>Threat Detection</category></item><item><title>Enterprise DDoS Protection</title><link>https://www.peakhour.io/blog/enterprise-ddos-protection-microsoft-365-application-security/</link><description>&lt;p&gt;Analysis of the Microsoft 365 DDoS attack by Storm-1359 reveals critical lessons for enterprise application security platforms. Learn advanced Layer 7 DDoS protection strategies and rate limiting techniques for modern applications.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 19 Jun 2023 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-06-19:/blog/enterprise-ddos-protection-microsoft-365-application-security/</guid><category>DDoS</category><category>DDoS</category><category>Threat Detection</category><category>Rate Limiting</category><category>Application Security</category><category>Account Protection</category><category>API Security</category></item><item><title>The Rise of the Dragon</title><link>https://www.peakhour.io/blog/camaro-dragon-malware/</link><description>&lt;p&gt;Residential proxy malware, and its implications for traditional cybersecurity measures, emphasising the need for evolving threat detection and mitigation strategies.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 17 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-17:/blog/camaro-dragon-malware/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>Threat Detection</category><category>Account Protection</category><category>Credential Stuffing</category><category>DDoS</category><category>Bot Management</category></item><item><title>Residential Proxies and MITRE Framework</title><link>https://www.peakhour.io/blog/residential-proxies-mitre-framework/</link><description>&lt;p&gt;Explore residential proxies within the context of the MITRE ATT&amp;amp;CK framework, highlighting the security implications and ethical considerations.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 17 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-17:/blog/residential-proxies-mitre-framework/</guid><category>Residential Proxies</category><category>Residential Proxies</category><category>Account Protection</category><category>Credential Stuffing</category><category>Threat Detection</category><category>DDoS</category><category>DevSecOps</category></item><item><title>Residential Proxy Detection</title><link>https://www.peakhour.io/blog/residential-proxies-unseen-challenges/</link><description>&lt;p&gt;Comprehensive analysis of residential proxy threats and detection strategies for modern application security platforms. Learn how sophisticated threat actors use residential proxies to bypass traditional security measures.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 17 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-17:/blog/residential-proxies-unseen-challenges/</guid><category>Threat Intelligence</category><category>Residential Proxies</category><category>Bot Management</category><category>Threat Detection</category><category>Account Protection</category><category>Credential Stuffing</category><category>DDoS</category></item><item><title>Advanced Anomaly Detection</title><link>https://www.peakhour.io/blog/advanced-anomaly-detection-rrcf-application-security/</link><description>&lt;p&gt;Deep dive into Robust Random Cut Forest (RRCF) implementation for real-time anomaly detection in Application Security Platforms. Learn how advanced machine learning algorithms enhance threat detection and automated response capabilities.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 15 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-15:/blog/advanced-anomaly-detection-rrcf-application-security/</guid><category>Security</category><category>Threat Detection</category><category>Anomaly Detection</category><category>DDoS</category><category>DevSecOps</category><category>Bot Management</category><category>Application Security</category></item><item><title>Double MAD?</title><link>https://www.peakhour.io/blog/double-mad/</link><description>&lt;p&gt;This article explores the use of Double Median Absolute Deviation (Double MAD) for anomaly detection in time series data, particularly in skewed or non-symmetric distributions.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 15 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-15:/blog/double-mad/</guid><category>Technical</category><category>Anomaly Detection</category><category>Threat Detection</category><category>Bot Management</category><category>Residential Proxies</category><category>DDoS</category></item><item><title>Scaling anomaly detection with RRCF</title><link>https://www.peakhour.io/blog/rrcf-scaling/</link><description>&lt;p&gt;Discusses strategies for scaling the Robust Random Cut Forest (RRCF) algorithm for large-scale anomaly detection, including using summary statistics, buffering input, and parallelisation.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 15 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-15:/blog/rrcf-scaling/</guid><category>Technical</category><category>Anomaly Detection</category><category>Threat Detection</category></item><item><title>Applied RRCF - thresholding techniques.</title><link>https://www.peakhour.io/blog/rrcf-thresholding/</link><description>&lt;p&gt;Explores various thresholding techniques like Median Absolute Deviation (MAD), Min/Max, and Z-Score for interpreting Robust Random Cut Forest (RRCF) anomaly scores, crucial for classifying data points as normal or anomalous.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 15 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-15:/blog/rrcf-thresholding/</guid><category>Technical</category><category>Anomaly Detection</category><category>Threat Detection</category></item><item><title>IP Threat Intelligence</title><link>https://www.peakhour.io/blog/ip-threat-intelligence/</link><description>&lt;p&gt;Comprehensive guide to IP threat intelligence for modern application security platforms. Learn how managed IP reputation lists and threat intelligence feeds protect applications from known malicious sources and emerging threats.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 15 Jul 2022 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2022-07-15:/blog/ip-threat-intelligence/</guid><category>Security</category><category>Threat Detection</category><category>DDoS</category><category>Rate Limiting</category><category>API Security</category><category>Bot Management</category><category>Networking</category></item><item><title>Intelligent Rate Limiting</title><link>https://www.peakhour.io/blog/rate-limiting/</link><description>&lt;p&gt;Comprehensive guide to intelligent rate limiting for modern application security platforms. Learn how sophisticated rate limiting protects APIs and web applications from abuse, DDoS attacks, and automated threats whilst maintaining optimal user experience.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 16 May 2022 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2022-05-16:/blog/rate-limiting/</guid><category>DDoS</category><category>Rate Limiting</category><category>DDoS</category><category>API Security</category><category>Bot Management</category><category>Application Security</category><category>Threat Detection</category></item><item><title>Why Manage Bots?</title><link>https://www.peakhour.io/blog/bad-bot-countermeasures/</link><description>&lt;p&gt;Comprehensive guide to enterprise bot management and advanced countermeasures for protecting applications against sophisticated malicious bot threats. Learn proven strategies for bot detection, mitigation, and automated defence systems.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 30 Nov 2020 13:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2020-11-30:/blog/bad-bot-countermeasures/</guid><category>Bots</category><category>Bot Management</category><category>DDoS</category><category>API Security</category><category>Threat Detection</category><category>Residential Proxies</category><category>Credential Stuffing</category></item><item><title>Application Performance Optimisation</title><link>https://www.peakhour.io/blog/introduction-to-website-performance-testing/</link><description>&lt;p&gt;A practical primer for finding where website requests lose time, from cache state and origin work to browser rendering.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Sat, 12 Sep 2020 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2020-09-12:/blog/introduction-to-website-performance-testing/</guid><category>Performance</category><category>Application Security</category><category>DevSecOps</category><category>Drupal</category><category>DDoS</category><category>Threat Detection</category><category>Rate Limiting</category></item><item><title>Instant Alerts</title><link>https://www.peakhour.io/blog/instant-alerts/</link><description>&lt;p&gt;Introducing Instant Alerts, a new feature for receiving emails or SMS alerts when events happen on your site.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 31 May 2019 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2019-05-31:/blog/instant-alerts/</guid><category>Features</category><category>DDoS</category><category>Threat Detection</category><category>DNS</category><category>CDN</category><category>Web Performance</category></item></channel></rss>