Information Assurance Day Course Man-in-the-middle Attacks

Slides:



Advertisements
Similar presentations
Ethical Hacking Module VII Sniffers.
Advertisements

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Man in the Middle Attack
SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran
A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” s to counterfeit sites Users “give up” personal financial.
OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
IBM Rational Application Security Group (aka Watchfire) Web Based Man In the Middle Attack © 2009 IBM Corporation 1 Active Man in the Middle Attacks The.
Wireless Networking & Security Greg Stabler Spencer Smith.
Easy Traffic Manipulation Techniques Using Scapy
Network Devices and Firewalls Lesson 14. It applies to our class…
SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.
Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.
DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c
It's Everywhere Point of Sale attacks ● The free WiFi is connected to the same DSL or cable service as the PoS computers ● Depending if this free WiFi.
TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.
Mitm.
Cyber Security and Computer Safety
Network and System Security Risk Assessment
Network security Vlasov Illia
Intro to Networks (part 1)
Koji Nakao, Dai Arisue NICT, Japan
Cryptography: an overview
HTTP and Abstraction on the Internet
Lesson Objectives Aims You should be able to:
Cybersecurity First Principles
Chapter 7: Identifying Advanced Attacks
Intercept X Early Access Program Root Cause Analysis
Prince Mohammad Bin Fahd University
Man in the middle attacks Demos
RCS v7 Infection Vectors
Google search not working on pc. Google Google is basically an American company Google is specialises in internet services Google have internet services.
Evaluating Existing Systems
LAN Vulnerabilities.
Daniel Kouril, Ivo Nutar Masaryk University
Daniel Kouril Sven Gabriel
Conquering all phases of the attack lifecycle
Cyber Security By: Pratik Gandhi.
Evaluating Existing Systems
Big Picture How many ways can a system be attacked? What can we do about it?
Intro to Ethical Hacking
Introduction Position your online or offline business
Information Assurance Day Course
Computer Networks: Domain Name System 1.
Man-in-the-Middle Attacks
Network Security Payton Turnage, Evan French, Austin Barnett, Zane Womack, Tristan Leavitt, Andrew Hubeli.
CS4622: Computer Networking
– Communication Technology in a Changing World
Network Security: IP Spoofing and Firewall
Malware, Phishing and Network Policies
CompTIA Security+ Study Guide (SY0-501)
ISNE101 Dr. Ken Cosh Week 13.
Intercept X Early Access Program Root Cause Analysis
What Makes a Network Vulnerable?
Unit 1.6 Systems security Lesson 2
Cyber Security and Computer Safety
Lecture 2 - SQL Injection
Faculty of Science IT Department By Raz Dara MA.
Outline Using cryptography in networks IPSec SSL and TLS.
Motivation and Problem Statement
Cyber security and Computer Misuse
Active Man in the Middle Attacks
Layered Tasks.
DNS Cache Poisoning.
Week 7 - Wednesday CS363.
CIS101B Week 4 Class 8 Chapter to To the End of Chapter 12.
Presentation transcript:

Information Assurance Day Course Man-in-the-middle Attacks

Outline Introduction The Exercise The Concept of MITM Networking Overview How to become the MITM What can you do with that? The Exercise Jasager Demo

Introduction – MITM User Attacker Service The concept is relatively simple. If you sit in between a user and the service they're trying to use, you are able to manipulate that interaction in any way you want. This manipulation may be hard to detect for the user, and can be leveraged to gain access to that user's sensitive data or even compromise that user's computer.

Introduction – Networking There are many ways that the network can be exploited to start intercepting traffic from a user. There are many components involved in networking, and they are generally represented like so in the OSI model: Explain the attacks at different layers. * Physical – hubs, tabs (show off our ninja star tap!) * Data Link/Network – ARP spoofing * Presentation/Application – DNS spoofing & poisoning, redirects, SSL weaknesses http://en.wikipedia.org/OSI_model

Introduction – Becoming the MITM We've already discussed some of the attacks, but the easiest and most common ways include ARP spoofing and physically inserting yourself in the middle. The second one is interesting because it doesn't necessarily require any sort of technical exploitation. Think about “free wifi” for a moment... Restaurants Hotels Airports

Introduction – Post-Exploitation So, specifically, what can you do when you control all of a user's traffic? Inject whatever you want into the pages they view. Advertisements = $$$$ Malware Sniff all data to/from that user. Blackmail Steal credentials Redirect their traffic wherever you want.

Jasager Demo

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.