Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Mikhail Elizarov - MITM
Search
DC7499
July 03, 2015
Research
0
88
Mikhail Elizarov - MITM
DEFCON Moscow 9
DC7499
July 03, 2015
Tweet
Share
More Decks by DC7499
See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
defcon
0
530
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
defcon
0
260
Anton Lopanitsyn - Initial reconnaissance of web applications.
defcon
0
290
Dmitry Volkov - Private messengers: without pain??
defcon
1
230
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
defcon
2
210
Sergey Belov - Another side of Bug Bounty programs
defcon
0
300
Dmitry Sklyarov - Intel ME: Flash file system explained
defcon
0
510
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
defcon
0
580
Sergey Golovanov - Indecent Response 2018
defcon
0
510
Other Decks in Research
See All in Research
SSII2025 [SS1] レンズレスカメラ
ssii
PRO
2
950
Type Theory as a Formal Basis of Natural Language Semantics
daikimatsuoka
1
220
Weekly AI Agents News!
masatoto
33
68k
CSP: Self-Supervised Contrastive Spatial Pre-Training for Geospatial-Visual Representations
satai
3
210
When Submarine Cables Go Dark: Examining the Web Services Resilience Amid Global Internet Disruptions
irvin
0
200
SSII2025 [TS2] リモートセンシング画像処理の最前線
ssii
PRO
7
2.8k
クラウドのテレメトリーシステム研究動向2025年
yuukit
3
950
定性データ、どう活かす? 〜定性データのための分析基盤、はじめました〜 / How to utilize qualitative data? ~We have launched an analysis platform for qualitative data~
kaminashi
6
1k
業界横断 副業・兼業者の実態調査
fkske
0
160
ストレス計測方法の確立に向けたマルチモーダルデータの活用
yurikomium
0
580
SSII2025 [TS3] 医工連携における画像情報学研究
ssii
PRO
2
1.1k
Google Agent Development Kit (ADK) 入門 🚀
mickey_kubo
2
1k
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Making the Leap to Tech Lead
cromwellryan
134
9.3k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Designing for humans not robots
tammielis
253
25k
RailsConf 2023
tenderlove
30
1.1k
How STYLIGHT went responsive
nonsquared
100
5.6k
Producing Creativity
orderedlist
PRO
346
40k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.8k
GraphQLとの向き合い方2022年版
quramy
48
14k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
60k
StorybookのUI Testing Handbookを読んだ
zakiyama
30
5.8k
Designing Experiences People Love
moore
142
24k
Transcript
@_Saplt
MitM
• Введение (история появления атаки) • Цель проведения атаки Человек
по середине • Виды атак (пассивны/активный) • Инструменты • Полученные результаты
None
None
PWN ‘em all
Пассивный сбор данных
None
Активный перехват
• ARP spoofing (полудуплекс) • ARP poisoning (полный дуплекс) •
ICMP перенаправление • IP spoofing • DHCP spoofing,поддельный IPv6 DHCP • WPAD MitM, MDNS, LLMNR (APIPA) • BPDU(STP) Spoofing • DNS spoofing • Evil WiFi AP (Зараженные точки доступа WiFI)
ARP таблица
ARP spoofing
ARP poisoning
ICMP перенаправление
IP spoofing
поддельный IPv6 DHCP работает в сетях с IPv6
Атака на WPAD MitM, MDNS, LLMNR (APIPA)
BPDU(STP) Spoofing работает в сетях с IPv6
BPDU(STP) Spoofing конечный результат
DNS spoofing
Поддельная WiFi сеть