Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Mikhail Elizarov - MITM

Avatar for DC7499 DC7499
July 03, 2015
Research
0
88

Mikhail Elizarov - MITM

DEFCON Moscow 9

Avatar for DC7499

DC7499

July 03, 2015
Tweet

More Decks by DC7499

See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
Avatar for DC7499 defcon
0
540
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
Avatar for DC7499 defcon
0
270
Anton Lopanitsyn - Initial reconnaissance of web applications.
Avatar for DC7499 defcon
0
290
Dmitry Volkov - Private messengers: without pain??
Avatar for DC7499 defcon
1
230
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
Avatar for DC7499 defcon
2
210
Sergey Belov - Another side of Bug Bounty programs
Avatar for DC7499 defcon
0
300
Dmitry Sklyarov - Intel ME: Flash file system explained
Avatar for DC7499 defcon
0
520
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
Avatar for DC7499 defcon
0
600
Sergey Golovanov - Indecent Response 2018
Avatar for DC7499 defcon
0
520

Other Decks in Research

See All in Research
[輪講] SigLIP 2: Multilingual Vision-Language Encoders with Improved Semantic Understanding, Localization, and Dense Features
Avatar for Naoki Kato nk35jk
2
880
CSP: Self-Supervised Contrastive Spatial Pre-Training for Geospatial-Visual Representations
Avatar for SatAI.challenge satai
3
250
cvpaper.challenge 10年の軌跡 / cvpaper.challenge a decade-long journey
Avatar for gatheluck gatheluck
3
300
最適決定木を用いた処方的価格最適化
Avatar for MIKIO KUBO mickey_kubo
4
1.8k
AIによる画像認識技術の進化 -25年の技術変遷を振り返る-
Avatar for Hironobu Fujiyoshi hf149
7
3.9k
Adaptive Experimental Design for Efficient Average Treatment Effect Estimation and Treatment Choice
Avatar for MasaKat0 masakat0
0
160
能動適応的実験計画
Avatar for MasaKat0 masakat0
2
790
SSII2025 [SS1] レンズレスカメラ
Avatar for 画像センシングシンポジウム ssii
PRO
2
1k
IMC の細かすぎる話 2025
Avatar for @smly smly
2
590
在庫管理のための機械学習と最適化の融合
Avatar for MIKIO KUBO mickey_kubo
3
1.1k
データxデジタルマップで拓く
ミラノ発・地域共創最前線
Avatar for mapconcierge mapconcierge4agu
0
210
VectorLLM: Human-like Extraction of Structured Building Contours via Multimodal LLMs
Avatar for SatAI.challenge satai
4
130

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
332
24k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
70
11k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
358
30k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
29
5.5k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
21k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
45
7.6k
Side Projects
Avatar for Sacha Greif sachag
455
43k

Transcript

  1. @_Saplt

  2. MitM

  3. • Введение (история появления атаки) • Цель проведения атаки Человек

    по середине • Виды атак (пассивны/активный) • Инструменты • Полученные результаты
  4. None
  5. None

  6. PWN ‘em all

  7. Пассивный сбор данных

  8. None

  9. Активный перехват

  10. • ARP spoofing (полудуплекс) • ARP poisoning (полный дуплекс) •

    ICMP перенаправление • IP spoofing • DHCP spoofing,поддельный IPv6 DHCP • WPAD MitM, MDNS, LLMNR (APIPA) • BPDU(STP) Spoofing • DNS spoofing • Evil WiFi AP (Зараженные точки доступа WiFI)

  11. ARP таблица

  12. ARP spoofing

  13. ARP poisoning

  14. ICMP перенаправление

  15. IP spoofing

  16. поддельный IPv6 DHCP работает в сетях с IPv6

  17. Атака на WPAD MitM, MDNS, LLMNR (APIPA)

  18. BPDU(STP) Spoofing работает в сетях с IPv6

  19. BPDU(STP) Spoofing конечный результат

  20. DNS spoofing

  21. Поддельная WiFi сеть