Presentation is loading. Please wait.

Presentation is loading. Please wait.

Man-in-the-Middle Attacks

Published byIrmak Özker Modified over 5 years ago

Similar presentations

Presentation on theme: "Man-in-the-Middle Attacks"— Presentation transcript:

1 Man-in-the-Middle Attacks
By: Eamon Callahan and Matthew Harris

2 Many Abbreviations MiM MItM MitM MITM MIM

3 How It Works Attacker "eavesdrops" on conversation
Impersonates both parties, receives and forwards conversation Goal is to gain information without any party knowing

4

5 How It Works

6 Types: Email Hijacking
Bad guys gain access to account Read s without making changes May eventually send an changing account number to pay to Often aimed at businesses to steal client info Prevention: KEEP YOUR SECURE

7 Types: DNS Spoofing Technique in which the attacker (Chris) supplies false DNS (Domain Naming System) information to the victim host so that they are sent to a fake website at a different IP address than the one they are searching for. 

8 Types: WiFi Eavesdropping
Bad guys set up “Free Wifi” connection and monitor all traffic that goes through it Can grab passwords, user IDs, account numbers, etc Bad guys can use tools like WireShark and simply read packets as they are sent Tools can even reassemble packets into viewable web pages Prevention: DON’T USE UNSECURED WIFI POINTS FOR ANY IMPORTANT LOGIN

9 NSA and GSCHQ Impersonation of Google
September 2013 it was discovered as part of the latest NSA scandal that the agency (along with British counterpart GSCHQ) had the ability to and employed it to hack a target’s Internet router and covertly redirect targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format. A program called Flying Pig was used to overcome the increase in use of SSL encryption by providers. The system appears to allow it to identify information related to use of the anonymity browser Tor (it has the option to query “Tor events”) and also allows spies to collect information about specific SSL encryption certificates.

10 BlueTooth Vulnerabilites
Devices accessed via Bluetooth Android, iOS, Linux, Windows Bluetooth used to propagate malware Ransomware, BotNets, etc. “These silent attacks are invisible to traditional security controls and procedures. Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them” no-user-action/article/688067/

Download ppt "Man-in-the-Middle Attacks"

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
SCADA Security, DNS Phishing

SCADA Security, DNS Phishing
Lunker: The Advanced Phishing Framework

Lunker: The Advanced Phishing Framework
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
Man in the Middle attacks and ARP poisoning explained

Man in the Middle attacks and ARP poisoning explained
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
Session Hijacking & ARP Poisoning Why web security depends on communications security and how TLS everywhere is the only solution.

Session Hijacking & ARP Poisoning Why web security depends on communications security and how TLS everywhere is the only solution.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Cyber Crimes.

Cyber Crimes.
1 Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘維亞 (P78017058) 周明哲 (P48027049) 劉子揚 (N96011156)

1 Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘維亞 (P ) 周明哲 (P ) 劉子揚 (N )

Similar presentations

Ads by Google