Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS 5212.001 Week 9 Site:

Published byDamon Gilbert Modified over 8 years ago

Similar presentations

Presentation on theme: "MIS 5212.001 Week 9 Site:"— Presentation transcript:

1 MIS 5212.001 Week 9 Site: http://community.mis.temple.edu/mis5212sec001s16/ http://community.mis.temple.edu/mis5212sec001s16/

2  In the news  Last Presentations  WebGoat Issues  Ettercap  Next Week 2MIS 5212.001

3 3

4  Submitted  http://krebsonsecurity.com/2016/03/seagate-phish- exposes-all-employee-w-2s/ http://krebsonsecurity.com/2016/03/seagate-phish- exposes-all-employee-w-2s/  http://www.cnet.com/news/not-in-my-house-amazons- unencrypted-devices-a-sitting-target-cybersecurity- experts-say/ http://www.cnet.com/news/not-in-my-house-amazons- unencrypted-devices-a-sitting-target-cybersecurity- experts-say/  http://thehackernews.com/2016/03/subgraph-secure- operating-system.html http://thehackernews.com/2016/03/subgraph-secure- operating-system.html  http://www.bbc.com/news/technology-31042477 (Chips under skin) http://www.bbc.com/news/technology-31042477  http://www.philly.com/philly/news/20160226_Apple_f ights_FBI_s_iPhone_demand_as__oppressive_.html http://www.philly.com/philly/news/20160226_Apple_f ights_FBI_s_iPhone_demand_as__oppressive_.html  http://www.bbc.com/news/uk-35750127 (GCHQ on Apple) http://www.bbc.com/news/uk-35750127 MIS 5212.0014

5  Submitted  http://www.homelandsecuritynewswire.com/dr2016020 4-vulnerability-found-in-in-twofactor- authentication?page=0,1 http://www.homelandsecuritynewswire.com/dr2016020 4-vulnerability-found-in-in-twofactor- authentication?page=0,1  http://www.afr.com/technology/web/security/pwc- creates-cyber-security-game-to-let-board-members-play- as-hackers-20160229-gn713x http://www.afr.com/technology/web/security/pwc- creates-cyber-security-game-to-let-board-members-play- as-hackers-20160229-gn713x  http://n4bb.com/amazon-shocks-cybersecurity-experts- disables-fire-os-5-encryption-update-promises-reverse/ http://n4bb.com/amazon-shocks-cybersecurity-experts- disables-fire-os-5-encryption-update-promises-reverse/  http://thehackernews.com/2016/03/mac-os-x- ransomware.html http://thehackernews.com/2016/03/mac-os-x- ransomware.html  http://techcrunch.com/2016/03/07/apple-has-shut- down-the-first-fully-functional-mac-os-x-ransomware/ http://techcrunch.com/2016/03/07/apple-has-shut- down-the-first-fully-functional-mac-os-x-ransomware/ MIS 5212.0015

6  What I noted  http://www.latimes.com/business/technology/la- fi-tn-snapchat-phishing-attack-20160228-story.html http://www.latimes.com/business/technology/la- fi-tn-snapchat-phishing-attack-20160228-story.html  http://www.cnbc.com/2016/03/06/reuters- america-apple-users-targeted-in-first-known-mac- ransomware-campaign.html http://www.cnbc.com/2016/03/06/reuters- america-apple-users-targeted-in-first-known-mac- ransomware-campaign.html  http://www.pcworld.com/article/3041115/security /mits-new-5-atom-quantum-computer-could- transform-encryption.html#tk.rss_all http://www.pcworld.com/article/3041115/security /mits-new-5-atom-quantum-computer-could- transform-encryption.html#tk.rss_all  http://datagenetics.com/blog/september32012/ind ex.html (Pin Guessing) http://datagenetics.com/blog/september32012/ind ex.html MIS 5212.0016

7 7

8  Access Control Flaws  Stage 1  Stage 3  Authentication Flaws  Cross-Site Scripting  Phishing  Stage 1  Stage 5  Reflected XSS Attacks  Improper Error Handling  Fail Open Authentication Scheme MIS 5212.0018

9  Injection Flaws:  Command Injection: " & netstat -ant & ifconfig“  Numerical SQL Injection: or 1=1  Log Spoofing  XPATH Injection  String SQL Injection  Modifying Data with SQL Injection  Adding Data with SQL Injection  Blind Numeric SQL Injection  Blind String SQL Injection MIS 5212.0019

10 10  Intercepting traffic Source: http://www.valencynetworks.com/articles/cyber-attacks-explained- man-in-the-middle-attack.html

11  Ettercap supports active and passive dissection of many protocols (including ciphered ones).  Ettercap offers four modes of operation:  IP-based: packets are filtered based on IP source and destination.  MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.  ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).  PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half- duplex). MIS 5212.00111

12  Other Features:  Character injection  SSH1 support: the sniffing of a username and password  HTTPS support: the sniffing of HTTP SSL secured data—even  Remote traffic through a GRE tunnel  Plug-in support  Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half- Life, Quake 3, MSN, YMSG  Packet filtering/dropping  OS fingerprinting  Kill a connection  Passive scanning of the LAN  Hijacking of DNS requests MIS 5212.00112

13  A tool for performing man in the middle attacks  Pre-installed in Kali MIS 5212.00113

14  After Launch: MIS 5212.00114

15  Click “Unified Sniffing” MIS 5212.00115

16  Select Your Network Connection (May not be same) MIS 5212.00116

17  Now we will see who is out there: MIS 5212.00117

18  Available Hosts, I’m going after the last one! MIS 5212.00118

19  Setup to ARP Poison MIS 5212.00119

20  Doesn’t Work in a VM  You will need real machines on a switch to get this fully functioning  A good walkthrough is  http://www.thegeekstuff.com/2012/05/ettercap- tutorial/ http://www.thegeekstuff.com/2012/05/ettercap- tutorial/ MIS 5212.00120

21  In the news  Intro to Wireless MIS 5212.00121

22 ? MIS 5212.00122

Download ppt "MIS 5212.001 Week 9 Site:"

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Webgoat.

Webgoat.
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Security Lab 2 MAN IN THE MIDDLE ATTACK

Security Lab 2 MAN IN THE MIDDLE ATTACK
Man in the Middle Attack

Man in the Middle Attack
Matthew Sullivan Information Assurance Student Group March 8, 2010.

Matthew Sullivan Information Assurance Student Group March 8, 2010.
Sniffing in a Switched Network -With A Recipe To Hack A Switch Using Ettercap and Ethereal -Manu GargManu Garg manugarg at gmail.

Sniffing in a Switched Network -With A Recipe To Hack A Switch Using Ettercap and Ethereal -Manu GargManu Garg manugarg at gmail.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Dr. Igor Santos.  Denial of Service  Man in the middle  ICMP attacks 2.

Dr. Igor Santos.  Denial of Service  Man in the middle  ICMP attacks 2.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
MIS 5212.001 Week 11 Site:

MIS Week 11 Site:
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Similar presentations

Ads by Google