#Man in The Middle Attacks

Explore IMSI Catchers: cell phone communication interceptors. Learn about their history, uses, detection methods, and legal implications. Discover an open-source app for identifying these devices.

Add to list

17 Lesons

24 minutes

On-Demand

Free-Video

Hussein Nasser

How Public WIFI Can Be Sniffed

Explore public WiFi vulnerabilities, packet sniffing techniques, and man-in-the-middle attacks. Learn about IP addressing, NAT, and the OSI model to understand network security risks and protection methods.

Add to list

5 Lesons

23 minutes

On-Demand

Free-Video

Becoming Mallory - Network Attack Techniques

Explore techniques for intercepting and manipulating network traffic, gaining insights into man-in-the-middle attacks and network security vulnerabilities.

Add to list

1 Lesons

53 minutes

On-Demand

Free-Video

media.ccc.de

Read and Manipulate Network Traffic on Android with Mitmproxy

Explore mitmproxy for Android network traffic analysis. Learn setup, traffic inspection, manipulation techniques, and automation using Python for enhanced system understanding and debugging.

Add to list

1 Lesons

20 minutes

On-Demand

Free-Video

Secure Coding Lessons for Mobile Apps - Insights from the Trenches

Explore common mobile app coding pitfalls, their real-world impacts, and learn effective strategies to enhance security. Includes demonstrations of attacker techniques and protective code samples.

Add to list

9 Lesons

31 minutes

On-Demand

Free-Video

Everything You Need to Know About Certificate Pinning - AppSecEU 2016

Comprehensive guide to certificate pinning: implementation, benefits, and potential pitfalls. Essential knowledge for enhancing mobile app security and protecting against man-in-the-middle attacks.

Add to list

1 Lesons

41 minutes

On-Demand

Free-Video

Lessons from Trusting JavaScript Cryptography - Biting into the Forbidden Fruit

Exploring real-world JavaScript cryptography implementations, debunking myths, and providing an updated perspective on JS crypto security through vulnerability analysis and practical examples.

Add to list

1 Lesons

59 minutes

On-Demand

Free-Video

Mantra OS - Penetration Testing Tools and Methodologies

Explore Mantra OS's penetration testing tools for web application security, including DDoS, SQL injection, and man-in-the-middle attacks. Learn practical methodologies and controlled environment testing techniques.

Add to list

1 Lesons

23 minutes

On-Demand

Free-Video

DefCamp

MITM on PSTN - Novel Methods for Intercepting Phone Calls

Explore novel methods for intercepting phone calls on PSTN networks, presented by IT security expert Kirils Solovjovs at DefCamp 2023, a major cybersecurity conference in Central and Eastern Europe.

Add to list

1 Lesons

34 minutes

On-Demand

Free-Video

Satish C J

ARP Spoofing and Poisoning: Understanding Man-in-the-Middle Attacks - Demo

Explore ARP spoofing: its mechanics, targets, consequences, and prevention. Learn to safeguard your network against this malicious technique that disrupts communication and intercepts data.

Add to list

1 Lesons

32 minutes

On-Demand

Free-Video

Client-side Security with the Security Header Injection Module (SHIM)

Learn about client-side security headers and a new open-source tool for ASP.NET to mitigate vulnerabilities by setting security headers in web applications.

Add to list

1 Lesons

39 minutes

On-Demand

Free-Video

Exploiting Bluetooth Vulnerabilities: From Vehicle Systems to Bank Account Access

Discover how to identify and exploit Bluetooth vulnerabilities in modern vehicle systems using BlueToolkit, exploring real-world security implications and practical attack vectors in automotive and aviation contexts.

Add to list

1 Lesons

20 minutes

On-Demand

Free-Video

LASCON

A Visual Journey to Reverse-Engineering the Enigma Machine - Preventing MITM Attacks

Explore the Enigma Machine's history, mechanics, and modern relevance through visual simulation and hands-on reconstruction, delving into ancient ciphers and early encryption techniques.

Add to list

1 Lesons

48 minutes

On-Demand

Free-Video

BtleJuice: The Bluetooth Smart Man-in-the-Middle Framework

Explore BtleJuice, a framework for intercepting and manipulating Bluetooth Low Energy communications. Learn to perform man-in-the-middle attacks, assess device security, and discover vulnerabilities in smart objects.

Add to list

1 Lesons

43 minutes

On-Demand

Free-Video

NorthSec

Attacking Linux Moose Unraveled an Ego Market

Unraveling a large-scale botnet conducting social media fraud through honeypots and HTTPS man-in-the-middle attacks. Explores technical details, methodology, and market dynamics behind social media fraud.

Add to list

1 Lesons

42 minutes

On-Demand

Free-Video

nullcon

A Real Stealth & Semi Stealth MITM Attack

Explore advanced techniques for executing stealthy and semi-stealthy Man-in-the-Middle attacks, enhancing your understanding of network security vulnerabilities and defense strategies.

Add to list

1 Lesons

29 minutes

On-Demand

Free-Video

Ekoparty Security Conference

Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems

Exploración de vulnerabilidades en sistemas de pago móvil: demostraciones en vivo de ataques MitM, modificación de valores y explotación de firmware en dispositivos mPOS de principales proveedores.

Add to list

1 Lesons

46 minutes

On-Demand

Free-Video

Ekoparty Security Conference

CIRCO v2 - Cisco Implant Raspberry Controlled Operations

Emulación de dispositivos Cisco con Raspberry Pi para capturar credenciales y exfiltrar datos, evadiendo sistemas de seguridad. Incluye demostración en vivo de implantación en red.

Add to list

1 Lesons

48 minutes

On-Demand

Free-Video

44CON Information Security Conference

MITMf - Bringing Man In The Middle Attacks to the 21st Century

Explore modern Man-In-The-Middle attack techniques with MITMf, a Python framework combining new and old methods for efficient, extendable, and reliable network security testing.

Add to list

24 Lesons

58 minutes

On-Demand

Free-Video

44CON Information Security Conference

For the Love of Money - Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems

Explore vulnerabilities in mobile point-of-sale systems, including MitM attacks, arbitrary code injection, and firmware exploitation. Learn to identify weaknesses and conduct security assessments in payment technologies.

Add to list

48 Lesons

42 minutes

On-Demand

Free-Video

IPC - The Broken Dream of Inherent Security

Explore vulnerabilities in inter-process communication (IPC) systems, including network sockets, Windows named pipes, and USB devices. Learn about potential attacks and mitigation strategies.

Add to list

24 Lesons

33 minutes

On-Demand

Free-Video

BSidesLV

Disabling Encryption to Access Confidential Data

Explore techniques for disabling encryption to access confidential data, including man-in-the-middle attacks, AWS vulnerabilities, and TLS exploits. Learn practical methods and necessary tools for intercepting encrypted communications.

Add to list

19 Lesons

24 minutes

On-Demand

Free-Video

Windows Phone App Security for Builders and Breakers

Explore Windows Phone app security for developers and testers, covering encryption, secure data handling, and protection against common vulnerabilities and attacks.

Add to list

23 Lesons

44 minutes

On-Demand

Free-Video

Mantra OS - Because the World is Cruel

Explore Mantra OS's penetration testing tools for web application security, including DDoS, SQL injection, and man-in-the-middle attacks. Learn practical methodologies and risk mitigation strategies.

Add to list

9 Lesons

17 minutes

On-Demand

Free-Video

WiFi Exploitation - How Passive Interception Leads to Active Exploitation

Explore WiFi exploitation techniques, from passive interception to active attacks. Learn about device profiling, rogue access points, and MitM attacks. Includes demonstration of a new sensor framework for visualizing 802.11 data.

Add to list

16 Lesons

53 minutes

On-Demand

Free-Video

WEareTROOPERS

SAP BusinessObjects Attacks

Explore SAP BusinessObjects vulnerabilities, architecture, and attack vectors. Learn about security recommendations and potential issues through demonstrations and in-depth analysis.

Add to list

32 Lesons

50 minutes

On-Demand

Free-Video

WEareTROOPERS

Patch Me If You Can

Learn about man-in-the-middle attacks, software package integrity, and TLS handshakes. Explore proof of concept, security issues, and practical demonstrations.

Add to list

12 Lesons

58 minutes

On-Demand

Free-Video

BruCON Security Conference

Biting into the Forbidden Fruit

Exploring JavaScript cryptography's vulnerabilities, debunking myths, and analyzing real-world implementations to provide an updated perspective on its security challenges and potential solutions.

Add to list

22 Lesons

1 hour 1 minute

On-Demand

Free-Video

BruCON Security Conference

Uncovering SAP Vulnerabilities - Dissecting and Breaking the Diag Protocol

Dissecting SAP Diag protocol to uncover vulnerabilities, explore attack vectors, and enhance security in SAP Netweaver systems through novel tools and techniques for protocol analysis and exploitation.

Add to list

19 Lesons

46 minutes

On-Demand

Free-Video

Ekoparty Security Conference

Security Vulnerabilities in DVB-C Networks - Rahul Sasi - Ekoparty Security Conference - 2014

Explore security vulnerabilities in DVB-C networks, including middleware server attacks, protocol bugs, and MPEG stream fuzzing. Learn to hijack TV streams and manipulate cable broadcasting systems.

Add to list

21 Lesons

54 minutes

On-Demand

Free-Video

See Like a Bat - Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs

Explore Vesper, a novel MitM detector for LANs using echo-analysis. Learn about its application, effectiveness against various attacks, and practical deployment strategies.

Add to list

18 Lesons

21 minutes

On-Demand

Free-Video

New Vulnerabilities in 5G Networks

Explore new vulnerabilities in 5G networks, focusing on operator infrastructure and end-device security. Learn about MC Catcher capabilities, mobile network mapping, and potential risks for cellular and IoT devices.

Add to list

27 Lesons

44 minutes

On-Demand

Free-Video

CQTools - The New Ultimate Hacking Toolkit

Explore top 39 hacking tools in CQTools, including 5 new ones for privilege elevation and network attacks. Learn techniques for hash extraction, impersonation, and decryption.

Add to list

22 Lesons

1 hour 2 minutes

On-Demand

Free-Video

VLAN Hopping, ARP Poisoning, and Man In The Middle Attacks in Virtualized Environments

Explore VLAN hopping, ARP poisoning, and man-in-the-middle attacks in virtual environments. Learn about test scenarios, hardware specs, and mitigation techniques for network security professionals.

Add to list

21 Lesons

51 minutes

On-Demand

Free-Video

Hack In The Box Security Conference

Exploiting Windows Automatic Wireless Association

Exploiting Windows automatic wireless association with "Lure10" technique. Demonstrates man-in-the-middle attack using Wifiphisher tool. Discusses WiFi security, countermeasures, and protection strategies across operating systems.

Add to list

18 Lesons

32 minutes

On-Demand

Free-Video

Hack In The Box Security Conference

4G LTE Man in the Middle Attacks With a Hacked Femtocell

Explore 4G LTE vulnerabilities through femtocell hacking, including rooting techniques, portability modifications, and man-in-the-middle attacks. Learn to exploit small cell access networks for security research.

Add to list

31 Lesons

58 minutes

On-Demand

Free-Video

Disappeared Coins - Steal Hashrate in Stratum Secretly

Unveils two novel man-in-the-middle attack schemes on Stratum, the main communication protocol for cryptocurrency mining pools, potentially compromising miners' computing power.

Add to list

6 Lesons

27 minutes

On-Demand

Free-Video

SSL Validation Checking vs. Going to Fail

Explore SSL certificate validation vulnerabilities in mobile apps using SVF tool. Learn about testing methods, real-world results, and implications for app security.

Add to list

1 Lesons

26 minutes

On-Demand

Free-Video

Breaking FIDO - Are Exploits in There?

Explore FIDO authentication's vulnerabilities, potential exploits, and protective measures for enterprises in this comprehensive analysis of the protocol's security landscape.

Add to list

8 Lesons

38 minutes

On-Demand

Free-Video

CANSPY - A Platform for Auditing CAN Devices

Explore CANSPY, a platform for auditing CAN devices in vehicles. Learn to intercept, modify, and analyze CAN frames for security testing of automotive systems and connected devices.

Add to list

10 Lesons

42 minutes

On-Demand

Free-Video

Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf

Uncovers critical security flaws in Apple's ZeroConf frameworks, demonstrating vulnerabilities in Multipeer Connectivity, Bonjour, and services like AirDrop, allowing impersonation and man-in-the-middle attacks.

Add to list

1 Lesons

42 minutes

On-Demand

Free-Video

BSidesLV

Underground Wi-Fi Hacking for Web Pentesters

Explore underground Wi-Fi hacking techniques for web penetration testing, covering hijacking, evil twin attacks, client vulnerabilities, and man-in-the-middle exploits using tools like Pineapple and Kali Linux.

Add to list

8 Lesons

36 minutes

On-Demand

Free-Video

IEEE

Man-in-the-Middle Attacks without Rogue AP - When WPAs Meet ICMP Redirects

Explore a novel Man-in-the-Middle attack technique combining Wi-Fi Protected Access and ICMP redirects, revealing vulnerabilities in network security without using rogue access points.

Add to list

1 Lesons

15 minutes

On-Demand

Free-Video

EtherOops - Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks

Explore practical methods to exploit Ethernet packet-in-packet attacks, bypassing firewalls and NAT solutions. Learn how attackers can establish man-in-the-middle positions to eavesdrop on corporate communications.

Add to list

1 Lesons

43 minutes

On-Demand

Free-Video

IEEE

Zeroconf Protocols and Their Numerous Man in the Middle Attacks

Explore vulnerabilities in Zeroconf protocols, focusing on man-in-the-middle attacks. Learn about potential security risks and implications for network configurations.

Add to list

1 Lesons

15 minutes

On-Demand

Free-Video

Owning Bad Guys and Mafia with Javascript Botnets

Explore mitm attacks on anonymous services and learn to create JavaScript botnets for analyzing connections, uncovering activities of malicious actors behind these services.

Add to list

15 Lesons

37 minutes

On-Demand

Free-Video

Man in the Middle Attacks

Explore advanced techniques for intercepting and manipulating network communications, focusing on Man-in-the-Middle attacks and their implications for cybersecurity.

Add to list

1 Lesons

1 hour 7 minutes

On-Demand

Free-Video

Security BSides San Francisco

Stick a Pin in Certificate Pinning - How to Inspect Mobile Traffic and Stop Data Exfiltration

Learn how certificate pinning in mobile apps can bypass security controls and explore solutions for inspecting encrypted traffic to prevent data exfiltration and attacks.

Add to list

1 Lesons

59 minutes

On-Demand

Free-Video

Automating MiTM for Winning

Explore automated Man-in-the-Middle attack techniques for network security testing, focusing on efficient methods to intercept and analyze network traffic.

Add to list

1 Lesons

1 hour 6 minutes

On-Demand

Free-Video

Information Gathering and Social Media Attacks to Gain Access

Explore social engineering tactics, evil twin attacks, and information gathering techniques using LinkedIn and other social media platforms for cybersecurity purposes.

Add to list

24 Lesons

35 minutes

On-Demand

Free-Video

Snarf Capitalizing on Man in the Middle

Explore techniques for exploiting Man-in-the-Middle vulnerabilities, focusing on network security and potential attack vectors.

Add to list

1 Lesons

24 minutes

On-Demand

Free-Video

You Have Updates - A Look at an Old Tool Making a Comeback - Evilgrade

Explore Evilgrade, a resurgent tool for exploiting software update processes, and learn about its attack structure, technical factors, and potential applications.

Add to list

9 Lesons

23 minutes

On-Demand

Free-Video

TheIACR

Protecting TLS from Legacy Crypto

Explore TLS vulnerabilities, attacks on legacy crypto, and downgrade protection strategies. Learn about protocol agility, SIGMA, Logjam, SLOTH, and TLS 1.3's improved security features.

Add to list

32 Lesons

1 hour 1 minute

On-Demand

Free-Video

TheIACR

Out of Band Authentication in Group Messaging - Computational, Statistical, Optimal

Explore secure group messaging protocols, focusing on out-of-band authentication methods to prevent man-in-the-middle attacks and enhance end-to-end encryption in multi-user settings.

Add to list

15 Lesons

22 minutes

On-Demand

Free-Video

WeAreDevelopers

Trusting SDKs

Explore the risks of including SDKs in applications, with real-world examples of injecting malicious code into 3rd party iOS SDKs using man-in-the-middle attacks.

Add to list

18 Lesons

43 minutes

On-Demand

Free-Video

linux.conf.au

Playable Ads - What REALLY Are They?

Explore the world of playable ads: their nature, functionality, potential for hijacking or bypassing, and hidden purposes. Uncover the truth through reverse engineering and man-in-the-middle techniques.

Add to list

1 Lesons

46 minutes

On-Demand

Free-Video

NDC Conferences

Making Hacking Childs Play

Explore common online attacks executed by kids using simple tools, and learn essential strategies to secure your applications against various threat actors.

Add to list

18 Lesons

59 minutes

On-Demand

Free-Video

From Theory to Reality: Demonstrating SPARTA Techniques Through Ground Infrastructure Attacks

Discover how to exploit space mission vulnerabilities through ground infrastructure attacks, focusing on SPARTA techniques and man-in-the-middle exploits for spacecraft communications.

Add to list

17 Lesons

25 minutes

On-Demand

Free-Video

Hack In The Box Security Conference

How a Combination of Bugs in KakaoTalk Compromises User Privacy

Uncover critical security vulnerabilities in KakaoTalk messaging app, from account takeover exploits to encryption weaknesses, with practical demonstrations and analysis of protocol flaws.

Add to list

1 Lesons

37 minutes

On-Demand

Free-Video

Breaking into Secure Facilities with OSDP - Vulnerabilities and Exploitation Techniques

Uncover critical vulnerabilities in OSDP security protocols and learn practical exploitation techniques for bypassing encrypted RFID systems through demonstrated pentesting tools and methodologies.

Add to list

1 Lesons

43 minutes

On-Demand

Free-Video

Automatic Exploitation of TLS Certificate Validation Vulnerabilities

Explore TLS certificate validation vulnerabilities and their automated exploitation using certmitm, featuring real-world attacks on iOS and Windows 11 systems.

Add to list

1 Lesons

50 minutes

On-Demand

Free-Video

Exploiting Bluetooth Vulnerabilities: From Car Systems to Bank Account Security

Discover how to identify and exploit Bluetooth vulnerabilities in modern vehicles and flight systems, using BlueToolkit framework for testing, with practical tips and new attack vectors for security research.

Add to list

1 Lesons

48 minutes

On-Demand

Free-Video

QuickShell: Remote Code Execution Attack Chain Analysis in Quick Share

Uncover critical security vulnerabilities in Google's Quick Share protocol, including an RCE attack chain, HTTPS MITM techniques, and protocol analysis for both Windows and Android platforms.

Add to list

1 Lesons

45 minutes

On-Demand

Free-Video

WPAD Domain Exploitation: Understanding Man-in-the-Middle Attacks Through DNS

Uncover how a single domain purchase can exploit WPAD vulnerabilities, leading to massive-scale man-in-the-middle attacks and compromising hundreds of thousands of internet clients through DNS manipulation.

Add to list

1 Lesons

39 minutes

On-Demand

Free-Video

Protecting Against AitM Phishing at Scale - From Zero to Millions

Dive into advanced strategies for large-scale protection against Adversary-in-the-Middle phishing attacks, exploring implementation techniques and defensive measures for organizational security.

Add to list

1 Lesons

33 minutes

On-Demand

Free-Video

RSA Conference

Bypassing Modern Authentication Methods for SSO - A Beginner's Guide

Explore passwordless authentication weaknesses, WebAuthn fundamentals, and attack tactics to bypass authentication. Learn credential theft from federation providers and get mitigation suggestions.

Add to list

1 Lesons

41 minutes

On-Demand

Free-Video

Okta

7 Common Cyber Attacks and How to Prevent Them

Explore seven major cyber attack methods and learn effective defense strategies for authentication systems, from credential stuffing to injection attacks and real-world prevention techniques.

Add to list

9 Lesons

11 minutes

On-Demand

Free-Video

USENIX

Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy