Information Assurance Day Course Man-in-the-middle Attacks

Slides:

Advertisements

Similar presentations

Ethical Hacking Module VII Sniffers.

Advertisements

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Man in the Middle Attack

SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran

A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” s to counterfeit sites Users “give up” personal financial.

OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.

IBM Rational Application Security Group (aka Watchfire) Web Based Man In the Middle Attack © 2009 IBM Corporation 1 Active Man in the Middle Attacks The.

Wireless Networking & Security Greg Stabler Spencer Smith.

Easy Traffic Manipulation Techniques Using Scapy

Network Devices and Firewalls Lesson 14. It applies to our class…

SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.

Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.

DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c

It's Everywhere Point of Sale attacks ● The free WiFi is connected to the same DSL or cable service as the PoS computers ● Depending if this free WiFi.

TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.

Cyber Security and Computer Safety

Network and System Security Risk Assessment

Network security Vlasov Illia

Intro to Networks (part 1)

Koji Nakao, Dai Arisue NICT, Japan

Cryptography: an overview

HTTP and Abstraction on the Internet

Lesson Objectives Aims You should be able to:

Cybersecurity First Principles

Chapter 7: Identifying Advanced Attacks

Intercept X Early Access Program Root Cause Analysis

Prince Mohammad Bin Fahd University

Man in the middle attacks Demos

RCS v7 Infection Vectors

Google search not working on pc. Google Google is basically an American company Google is specialises in internet services Google have internet services.

Evaluating Existing Systems

LAN Vulnerabilities.

Daniel Kouril, Ivo Nutar Masaryk University

Daniel Kouril Sven Gabriel

Conquering all phases of the attack lifecycle

Cyber Security By: Pratik Gandhi.

Evaluating Existing Systems

Big Picture How many ways can a system be attacked? What can we do about it?

Intro to Ethical Hacking

Introduction Position your online or offline business

Information Assurance Day Course

Computer Networks: Domain Name System 1.

Man-in-the-Middle Attacks

Network Security Payton Turnage, Evan French, Austin Barnett, Zane Womack, Tristan Leavitt, Andrew Hubeli.

CS4622: Computer Networking

– Communication Technology in a Changing World

Network Security: IP Spoofing and Firewall

Malware, Phishing and Network Policies

CompTIA Security+ Study Guide (SY0-501)

ISNE101 Dr. Ken Cosh Week 13.

Intercept X Early Access Program Root Cause Analysis

What Makes a Network Vulnerable?

Unit 1.6 Systems security Lesson 2

Cyber Security and Computer Safety

Lecture 2 - SQL Injection

Faculty of Science IT Department By Raz Dara MA.

Outline Using cryptography in networks IPSec SSL and TLS.

Motivation and Problem Statement

Cyber security and Computer Misuse

Active Man in the Middle Attacks

DNS Cache Poisoning.

Week 7 - Wednesday CS363.

CIS101B Week 4 Class 8 Chapter to To the End of Chapter 12.

Presentation transcript:

Information Assurance Day Course Man-in-the-middle Attacks

Outline Introduction The Exercise The Concept of MITM Networking Overview How to become the MITM What can you do with that? The Exercise Jasager Demo

Introduction – MITM User Attacker Service The concept is relatively simple. If you sit in between a user and the service they're trying to use, you are able to manipulate that interaction in any way you want. This manipulation may be hard to detect for the user, and can be leveraged to gain access to that user's sensitive data or even compromise that user's computer.

Introduction – Networking There are many ways that the network can be exploited to start intercepting traffic from a user. There are many components involved in networking, and they are generally represented like so in the OSI model: Explain the attacks at different layers. * Physical – hubs, tabs (show off our ninja star tap!) * Data Link/Network – ARP spoofing * Presentation/Application – DNS spoofing & poisoning, redirects, SSL weaknesses http://en.wikipedia.org/OSI_model

Introduction – Becoming the MITM We've already discussed some of the attacks, but the easiest and most common ways include ARP spoofing and physically inserting yourself in the middle. The second one is interesting because it doesn't necessarily require any sort of technical exploitation. Think about “free wifi” for a moment... Restaurants Hotels Airports

Introduction – Post-Exploitation So, specifically, what can you do when you control all of a user's traffic? Inject whatever you want into the pages they view. Advertisements = $$$$ Malware Sniff all data to/from that user. Blackmail Steal credentials Redirect their traffic wherever you want.

Jasager Demo