Session

HTTP Headers, their secrets and how they help find bots

Ever noticed that when you host a new website, it almost immediately starts receiving a surprising number of requests from all over the world? Most of these aren’t real users; they're automated bots probing your application to learn more about your system.

Every request contains hidden clues: technical details that can reveal what (or who) is actually calling your service. In this talk, we’ll dissect those requests and explore how we can determine, on the server side, whether we’re dealing with a bot or a genuine user.

We can use these techniques to guard our red teaming infrastructure, to limit detection and block the prying eyes of SOC analysts and other security vendors. But of course they can be used for any type of application.

Want to see what the bots couldn’t? Watch my talk!

Bob van der Staak

Ethical hacker / Red teamer @ Nederlandse Spoorwegen

Rotterdam, The Netherlands
