Course Syllabus:
What's a MITM attack?
- MITM classifications
- Common MITM scenarios review
- Exercise: ICMP Redirect attack to hijack Internet traffic
TCP/IP
- TCP/IP Model review
- TCP protocol review
- UDP protocol review
- IPv6
- Lab: IPv6 MITM
MITM with routing protocols
- RIP
- OSPF
- BGP
- Coding: Scapy + Python
- Lab: Stealing with RIP
- Lab: Stealing with BGP
Man on the Side (MOTS)
- Scenarios
- Router hacking
- 1-way MITM
- TCP/UDP hijacking
- Coding: Impacket + Python
- Lab: TCP hijacking
- Lab: Redirect through GRE tunnels/VPN
Exploiting MITM
- Application level vulnerabilities
- Tools
- Unencrypted protocols
- Encrypted protocols
- Lab: Ocean's 11
- Lab: PPP weak authentication protocols
- Lab: Pass the hash
- Lab: SSHv2 downgrade
- Lab: 1-way FTP exploitation
Advanced HTTP MITM
- Tools
- SSL Attacks
- Advanced SSLStripping (SSLStrip2 & Delorean)
- Abusing Mixed-Content in HTTPS
- Coding: Twisted + Python
- Lab: Browser information gathering
- Lab: Advanced SSLStripping
- Lab: Advanced Client-Side attacks with Metasploit
Infecting files on-the-fly
- Public tools review
- Private tools review
- Normal drawbacks
- Infecting PE files review
- Advanced infections on-the-fly
- Infecting other file types
- Lab: Infecting files on-the-fly
- Lab: Evilgrade attacks
'Rogue' attacks
- Rogue AP
- Rogue BTS
- Rogue Tor node
- Rogue DNS server
- Rogue SMB server
- Bad USB
- Lab: MITM in 802.1X and EAP (Wi-Fi)
- Lab: Trojanize (fake configuration) a real DNS server (BIND)
- Demo: MITM mobile voice calls / data
Hackers, network administrators, security engineers, law enforcement agencies and companies that develop hacking and/or defensive tools.
Any OS with VMware that is capable of running two VMs and can put a network interface in bridged mode.