Unveiling the cloak: A behind-the-scenes look at what happens when you click that link

We are going to introduce you to the world of cloaking: how it evolved from simple IP filtering to the sophisticated platforms used for fraud and bot detection.

Web cloaking is a technique used to circumvent the automatic content analysis systems used by major ad networks and content providers. Cloaking systems are used by those trying to publish content that would otherwise be blocked by content providers. Examples vary from regulated industries like pornography or cryptocurrencies to malware-distributing websites and political propaganda.

You will learn about the demand for services offering moderation circumvention, the levels of sophistication for various players in the market, and what can be done to defeat web cloaking successfully. We will discuss our adventures of buying the most advanced web cloaking service and thoroughly dissecting it. Ilya works with user-generated content platforms and Sergey works on web traffic automation detection. We will discuss how much web cloaking has in common with modern fraud and automated detection systems.
We will go over web cloaking campaign survival time (some systems advertise their services lasting up to 3 months); the techniques developers use to achieve these numbers; and strategies they use to stay undetected for so long.

We will conclude by overviewing existing methodologies used to minimize the negative effects of web cloaking and suggest new defense mechanisms.

Ilya Nesterov


Ilya Nesterov is currently a threat research scientist at Facebook. Before Facebook Ilya worked as a research scientist at Shape Security and managed a team at F5 Networks. His interests include, but are not limited to, modern mobile and web application security threats and countermeasures, botnets, malware, exploits and honeypot development. Ilya also works as an independent security researcher and is a speaker on security topics. He presented at various conferences like BlackHat, OWASP AppSec, PHDays, Power of Community, BSidesSF and many others.

Sergey Shekyan

Shape Security

Sergey Shekyan is an engineer at Shape Security where he is focused on developing tools to detect automated web attacks.

Social sharing