Enviar pesquisa
Carregar
Ralph durkee ssl_mitm_v1
•
0 gostou
•
328 visualizações
H
hexagon0978
Seguir
Tecnologia
Educação
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 7
Baixar agora
Baixar para ler offline
Recomendados
Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
RFID-tekniikka kirjastoissa
RFID-tekniikka kirjastoissa
Petteri Kivimäki
2013 eBook Self Publisher Research Survey Results
2013 eBook Self Publisher Research Survey Results
David Wogahn
Cloud storage
Cloud storage
lfeaza
Strengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure Design
APNIC
Dns Hardening Linux Os
Dns Hardening Linux Os
ecarrow
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVER
Utah Networxs Consultoria e Treinamento
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
OpenDNS
Recomendados
Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
RFID-tekniikka kirjastoissa
RFID-tekniikka kirjastoissa
Petteri Kivimäki
2013 eBook Self Publisher Research Survey Results
2013 eBook Self Publisher Research Survey Results
David Wogahn
Cloud storage
Cloud storage
lfeaza
Strengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure Design
APNIC
Dns Hardening Linux Os
Dns Hardening Linux Os
ecarrow
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVER
Utah Networxs Consultoria e Treinamento
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
OpenDNS
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Priyanka Aash
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
APNIC
Module 5 Sniffers
Module 5 Sniffers
leminhvuong
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?
Dan York
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
Jose L. Quiñones-Borrero
Web Application Security
Web Application Security
MarketingArrowECS_CZ
SonicWall
SonicWall
NEOTD Tech Events .
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
Digital self defense
Digital self defense
Henrik Jacobsen
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Frank Lesniak
Security in network
Security in network
DaNang University of Technology
20070605 Radware
20070605 Radware
INFOTIME
The Application Layer ...
The Application Layer ...
ebrahimelamin20
DNS как линия защиты/DNS as a Defense Vector
DNS как линия защиты/DNS as a Defense Vector
Positive Hack Days
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
DataWorks Summit
ION Hangzhou - Why Deploy DNSSEC?
ION Hangzhou - Why Deploy DNSSEC?
Deploy360 Programme (Internet Society)
SonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptx
ssuser813dcd
DDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShield
Sam Pickles
Let's Encrypt + DANE
Let's Encrypt + DANE
Deploy360 Programme (Internet Society)
Network ssecurity toolkit
Network ssecurity toolkit
أحلام انصارى
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
Mais conteúdo relacionado
Semelhante a Ralph durkee ssl_mitm_v1
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Priyanka Aash
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
APNIC
Module 5 Sniffers
Module 5 Sniffers
leminhvuong
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?
Dan York
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
Jose L. Quiñones-Borrero
Web Application Security
Web Application Security
MarketingArrowECS_CZ
SonicWall
SonicWall
NEOTD Tech Events .
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
Digital self defense
Digital self defense
Henrik Jacobsen
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Frank Lesniak
Security in network
Security in network
DaNang University of Technology
20070605 Radware
20070605 Radware
INFOTIME
The Application Layer ...
The Application Layer ...
ebrahimelamin20
DNS как линия защиты/DNS as a Defense Vector
DNS как линия защиты/DNS as a Defense Vector
Positive Hack Days
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
DataWorks Summit
ION Hangzhou - Why Deploy DNSSEC?
ION Hangzhou - Why Deploy DNSSEC?
Deploy360 Programme (Internet Society)
SonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptx
ssuser813dcd
DDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShield
Sam Pickles
Let's Encrypt + DANE
Let's Encrypt + DANE
Deploy360 Programme (Internet Society)
Network ssecurity toolkit
Network ssecurity toolkit
أحلام انصارى
Semelhante a Ralph durkee ssl_mitm_v1
(20)
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
Early Detection of Malicious Activity—How Well Do You Know Your DNS?
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
Module 5 Sniffers
Module 5 Sniffers
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
Web Application Security
Web Application Security
SonicWall
SonicWall
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Digital self defense
Digital self defense
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Security in network
Security in network
20070605 Radware
20070605 Radware
The Application Layer ...
The Application Layer ...
DNS как линия защиты/DNS as a Defense Vector
DNS как линия защиты/DNS as a Defense Vector
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
ION Hangzhou - Why Deploy DNSSEC?
ION Hangzhou - Why Deploy DNSSEC?
SonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptx
DDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShield
Let's Encrypt + DANE
Let's Encrypt + DANE
Network ssecurity toolkit
Network ssecurity toolkit
Último
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Último
(20)
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Ralph durkee ssl_mitm_v1
1.
SSL Man-in-the-Middle
Attacks with Dsniff Rochester OWASP & ISSA Chapters Ralph Durkee Durkee Consulting, Inc. rd@rd1.net
2.
Ralph Durkee Background Founder
of Durkee Consulting since 1996 Founder of Rochester OWASP since 2004 President of Rochester ISSA chapter SANS Instructor and course developer Application Security, development, auditing, PCI compliance, pen testing and consulting CIS (Center for Internet Security) – development of benchmark security standards – Apache, Linux, BIND DNS, OpenLDAP, FreeRadius, Unix, FreeBSD Rochester Area Security Consulting, Ethical Hacking and Auditing Hacking Trends © 2005-2010 Durkee Consulting, Inc. 2
3.
dsniff- Suite of
MITM tools MITM = Man-in-the-Middle Includes : dsniff - password sniffer arpspoof – Arp cache poisoning macof – flood switch with MAC addresses dnsspoof – DNS cache poisoning webmitm – HTTP / HTTPS MITM tcpkill – Kills TCP connections with RST tcpnice - Slows down TCP connection Hacking Trends © 2005-2010 Durkee Consulting, Inc. 3
4.
More dsniff tools Also
includes : filesnarf – graps files from NFS traffic mailsnarf – grabs emails from SMTP and POP3 traffic msgsnarf - grabs messages from IM traffic (AIM, ICQ, IRC, MSN, Yahoo) urlsnarf – grabs URLS from HTTP traffic webspy – sends sniffed URL’s from HTTP to local browser to spy on web traffic sshmitm – MITM on SSHv1 captures ssh passwords. Hacking Trends © 2005-2010 Durkee Consulting, Inc. 4
5.
Resources - Rochester
Non-Profit Groups & Events OWASP Rochester Chapter Information http://www.OWASP.org/rochester Rochester Security Summit Oct 20-21, 2010 htttp://RochesterSecurity.org Rochester ISSA Chapter http://RochISSA.org Hacking Trends © 2005-2010 Durkee Consulting, Inc. 5
6.
On-Line Resources Dug Song’s
dsniff http://monkey.org/~dugsong/dsniff/ OWASP - Open Web Application Security Project http://www.owasp.org/ OWASP Testing SSL http://www.owasp.org/index.php/Testing_for_SSL- TLS_%28OWASP-CM-001%29 Hacking Trends © 2005-2010 Durkee Consulting, Inc. 6
7.
Thank You! Rochester ISSA
& OWASP Chapters Ralph Durkee Durkee Consulting, Inc. rd@rd1.net
Baixar agora