1 / 7

Information Assurance Day Course

Information Assurance Day Course. Man-in-the-middle Attacks Devin Cook, Auburn University. Outline. Introduction The Concept of MITM Networking Overview How to become the MITM What can you do with that? The Exercise Jasager Demo. Introduction – MITM. User. Attacker. Service.

gefen
Download Presentation

Information Assurance Day Course

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Assurance Day Course Man-in-the-middle Attacks Devin Cook, Auburn University

  2. Outline • Introduction • The Concept of MITM • Networking Overview • How to become the MITM • What can you do with that? • The Exercise • Jasager Demo

  3. Introduction – MITM User Attacker Service

  4. Introduction – Networking There are many ways that the network can be exploited to start intercepting traffic from a user. There are many components involved in networking, and they are generally represented like so in the OSI model: http://en.wikipedia.org/OSI_model

  5. Introduction – Becoming the MITM We've already discussed some of the attacks, but the easiest and most common ways include ARP spoofing and physically inserting yourself in the middle. The second one is interesting because it doesn't necessarily require any sort of technical exploitation. Think about “free wifi” for a moment... • Restaurants • Hotels • Airports

  6. Introduction – Post-Exploitation So, specifically, what can you do when you control all of a user's traffic? • Inject whatever you want into the pages they view. • Advertisements = $$$$ • Malware • Sniff all data to/from that user. • Blackmail • Steal credentials • Redirect their traffic wherever you want.

  7. Jasager Demo

More Related