The document appears to be a presentation on man-in-the-middle attacks. It discusses various techniques for performing man-in-the-middle attacks including ARP spoofing, DHCP spoofing, ICMP redirect, SSL stripping, self-signed certificate attacks, and browser exploitation using tools like BeEF and Metasploit. It also covers passive sniffing, automated analysis of captured traffic, password capturing, and injecting content into users' browsers using plugins for tools like Burp Suite and The Middler. The presentation provides demonstrations of these attacks and encourages questions from the audience.
2. $ whois jselvi
Jose Selvi
10 years working in Security
Senior Penetration Tester at
SANS Institute Community Instructor
GIAC Security Expert (GSE)
Twitter: @JoseSelvi
Blog: http://www.pentester.es
24. SSL Vulnerabilities
BEAST / CRIME
By Juliano Rizzo, Thai Duong
BREACH
By Angel Prado, Neal Harris, Yoel Gluck
Based on compression characteristics before
encryption.
Chosen plaintext attack
It can decrypt secrets (cookie, csrf-token, etc).
25. Let’s Go!
Man-in-the-Middle 101
The Passive approach
Downgrade Attacks
SSL Bypass
On-the-fly content injection
Cheating up users
Browser exploitation