mitm attack demov2
TRANSCRIPT
Man-in-the-Middle Attack Demo
Presented by:
Stan EngelbrechtScott Lukasek
Introductions
– Stan Engelbrecht, 4th year CIS student • Concentration: Network & Security
• Background – Linux / Windows based systems administration – 3 years in IT and End-user support – Extensive experience in Troubleshooting
Introductions
– Scott Lukasek, 4th year CIS student • Concentration: Security • Minor: Communications
• Background – Linux, Mac OS X, Windows based system administration – Java, Python, C, C++, Bash, Shell, and HTML programming – 10 years Project Management / Estimator
Points of Discussion
– Relevancy – Basic Script Explanation
• Contributions by: – Timo Francke, Adrian Van Gemerden, Scott Lukasek
– Sslstrip Man-in-the-Middle Attack Demo – HSTS Mitigation Man-in-the-Middle
Attack Demo – Concluding Remarks – Q&A
Relevancy
– Ubiquitous internet access – Expected free WiFi – Lack of security – Gustav Nipe
Script – Airbase
Script – Sslstrip
Script – Ettercap
Demo - Simple
Mana-toolkit
– Developed by researchers from Sensepost:
• Dominic White and
• Ian de Villiers
Demo – HSTS Mitigated
Concluding Remarks – Pay attention to the URL
• Make sure that you see https://
» If it looks odd… don’t blindly trust your
connection
Q & A Stan Engelbrecht - [email protected] Scott Lukasek - [email protected]