Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Assurance Day Course Man-in-the-middle Attacks

Published byLester Cannon Modified over 5 years ago

Similar presentations

Presentation on theme: "Information Assurance Day Course Man-in-the-middle Attacks"— Presentation transcript:

1 Information Assurance Day Course Man-in-the-middle Attacks

2 Outline Introduction The Exercise The Concept of MITM
Networking Overview How to become the MITM What can you do with that? The Exercise Jasager Demo

3 Introduction – MITM User Attacker Service
The concept is relatively simple. If you sit in between a user and the service they're trying to use, you are able to manipulate that interaction in any way you want. This manipulation may be hard to detect for the user, and can be leveraged to gain access to that user's sensitive data or even compromise that user's computer.

4 Introduction – Networking
There are many ways that the network can be exploited to start intercepting traffic from a user. There are many components involved in networking, and they are generally represented like so in the OSI model: Explain the attacks at different layers. * Physical – hubs, tabs (show off our ninja star tap!) * Data Link/Network – ARP spoofing * Presentation/Application – DNS spoofing & poisoning, redirects, SSL weaknesses

5 Introduction – Becoming the MITM
We've already discussed some of the attacks, but the easiest and most common ways include ARP spoofing and physically inserting yourself in the middle. The second one is interesting because it doesn't necessarily require any sort of technical exploitation. Think about “free wifi” for a moment... Restaurants Hotels Airports

6 Introduction – Post-Exploitation
So, specifically, what can you do when you control all of a user's traffic? Inject whatever you want into the pages they view. Advertisements = $$$$ Malware Sniff all data to/from that user. Blackmail Steal credentials Redirect their traffic wherever you want.

7 Jasager Demo

Download ppt "Information Assurance Day Course Man-in-the-middle Attacks"

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Man in the Middle Attack

Man in the Middle Attack
SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran

SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran
A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” emails to counterfeit sites Users “give up” personal financial.

A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” s to counterfeit sites Users “give up” personal financial.
OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)

OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.

ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
IBM Rational Application Security Group (aka Watchfire) Web Based Man In the Middle Attack © 2009 IBM Corporation 1 Active Man in the Middle Attacks The.

IBM Rational Application Security Group (aka Watchfire) Web Based Man In the Middle Attack © 2009 IBM Corporation 1 Active Man in the Middle Attacks The.
Wireless Networking & Security Greg Stabler Spencer Smith.

Wireless Networking & Security Greg Stabler Spencer Smith.
Easy Traffic Manipulation Techniques Using Scapy

Easy Traffic Manipulation Techniques Using Scapy
Network Devices and Firewalls Lesson 14. It applies to our class…

Network Devices and Firewalls Lesson 14. It applies to our class…
SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.

SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.
Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.

Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.
DNS Security Risks Section 0x02. Joke/Cool thing traceroute 216.81.59.173 traceroute 216.81.59.173 https://www.youtube.com/watch?v=5_dRqPLP1d c https://www.youtube.com/watch?v=5_dRqPLP1d.

DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c
It's Everywhere Point of Sale attacks ● The free WiFi is connected to the same DSL or cable service as the PoS computers ● Depending if this free WiFi.

It's Everywhere Point of Sale attacks ● The free WiFi is connected to the same DSL or cable service as the PoS computers ● Depending if this free WiFi.
TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.

TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.

Similar presentations

Ads by Google