SlideShare a Scribd company logo

Attacking VPN's

Download as PPTX, PDF
n|u - The Open Security Community
n|u - The Open Security Community

This document provides an overview of VPN penetration testing. It begins with an introduction of the presenter and agenda. It then defines what a VPN is and why they are used. The main types of VPN protocols covered are PPTP, IPSec, SSL, and hybrid VPNs. Details are given about each protocol type. The document also discusses VPN traffic, applications, and potential issues like weak encryption, brute force attacks, lack of data integrity checks, and port failures leading to data leaks. Contact information is provided at the end.

Internet
1 of 15
VPN penetration testing By Abdul Adil
Who am i? • Web application & Network pentester • Malware reverse engineering • Regular to Null Hyderabad chapter • Email: Abdul.Adil@connectica.in • Website: Connectica.in • Twitter:@AbdulAdil02
Agenda • What & Why VPN? • Types of VPN • VPN Internals • VPN issues • Demo • Questionnaire?
What & Why VPN? • VPN stands for “Virtual private network”. • It extends a private network across a public network (internet). • It establishes a virtual point-to-point connection. • Connection is encrypted!.
Scenario of VPN usage
Type of VPN protocol • PPTP • IPSec • SSL VPN • Hybrid VPN
Types of VPN protocol • PPTP(Point to point tunneling protocol): This is the most common and widely used VPN protocol. They enable authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication. • IPSec: Trusted protocol which sets up a tunnel from the remote site into your central site. As the name suggests, it’s designed for IP traffic. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage.
VPN protocol & types •SSL VPN:SSL or Secure Socket Layer is a VPN accessible via https over web browser. SSL creates a secure session from your PC browser to the application server you’re accessing. The major advantage of SSL is that it doesn’t need any software installed because it uses the web browser as the client application. •Hybrid VPN: It combines the features of SSL and IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and bound to be expensive.
VPN Internals
VPN Traffic
VPN appliance and applications VPN Appliance VPN application
VPN issues • Some of the protocols provide weak encryptions. • Vulnerable to brute force attacks as there is only one DES 56bit key to crack. • RC4 cipher which is used for encryption does not doesn’t helps us with the integrity of the data. • If not configure properly it can lead to leakage of data over network(Port fail vulnerability).
Twitter:@AbdulAdil02 Email:Abdul.Adil@connectica.in
Thanks to Null Hyderabad.

Recommended

Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginnersn|u - The Open Security Community
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)Sam Bowne
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWSTeri Radichel
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Trupti Shiralkar, CISSP
 

Recommended

Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginnersn|u - The Open Security Community
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)Sam Bowne
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWSTeri Radichel
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Trupti Shiralkar, CISSP
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Botconf ppt
Botconf pptBotconf ppt
Botconf pptCloudflare
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...Lacework
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloudZIONSECURITY
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application SecurityCloudflare
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWSTeri Radichel
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShellkieranjacobsen
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackCloudflare
 
Dark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyDark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyRuby Meditation
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && WirelessLuis Grangeia
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youCloudflare
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking InGuy Podjarny
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To ProtectGuy Podjarny
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets managementKevin Gilpin
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilitiesn|u - The Open Security Community
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHydn|u - The Open Security Community
 

More Related Content

What's hot

Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...Lacework
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloudZIONSECURITY
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application SecurityCloudflare
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWSTeri Radichel
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShellkieranjacobsen
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackCloudflare
 
Dark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyDark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyRuby Meditation
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && WirelessLuis Grangeia
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youCloudflare
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking InGuy Podjarny
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To ProtectGuy Podjarny
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets managementKevin Gilpin
 

What's hot (20)

Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloud
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWS
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS Attack
 
Dark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyDark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander Obozinskiy
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source Options
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && Wireless
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking In
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets management
 

Viewers also liked

INTELLIGENT FACE RECOGNITION TECHNIQUES
INTELLIGENT FACE RECOGNITION TECHNIQUESINTELLIGENT FACE RECOGNITION TECHNIQUES
INTELLIGENT FACE RECOGNITION TECHNIQUESChirag Jain
 
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup0xcite
 

Viewers also liked (20)

Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 
DNS hijacking - null Singapore
DNS hijacking - null SingaporeDNS hijacking - null Singapore
DNS hijacking - null Singapore
 
Hacker's jargons
Hacker's jargonsHacker's jargons
Hacker's jargons
 
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flake
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Null Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi HantoucheNull Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi Hantouche
 
News Bytes - December 2015
News Bytes - December 2015News Bytes - December 2015
News Bytes - December 2015
 
Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0
 
Atrium
AtriumAtrium
Atrium
 
IE memory protection Null meet april 2015
IE memory protection Null meet april 2015IE memory protection Null meet april 2015
IE memory protection Null meet april 2015
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
Apparmor
ApparmorApparmor
Apparmor
 
OAuth Tokens
OAuth TokensOAuth Tokens
OAuth Tokens
 
Firewalking
FirewalkingFirewalking
Firewalking
 
Stegano Secrets - Python
Stegano Secrets - PythonStegano Secrets - Python
Stegano Secrets - Python
 
INTELLIGENT FACE RECOGNITION TECHNIQUES
INTELLIGENT FACE RECOGNITION TECHNIQUESINTELLIGENT FACE RECOGNITION TECHNIQUES
INTELLIGENT FACE RECOGNITION TECHNIQUES
 
Managing third party libraries
Managing third party librariesManaging third party libraries
Managing third party libraries
 
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup
 

Similar to Attacking VPN's

Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkHASHIR RAZA
 
Virtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdfVirtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdfAceAtigaVallo
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information TransparencyUsman Arshad
 
Realtime web experience with signalR
Realtime web experience with signalRRealtime web experience with signalR
Realtime web experience with signalRRan Wahle
 
CompTIA Security+ Chapter Four Review
CompTIA Security+ Chapter Four ReviewCompTIA Security+ Chapter Four Review
CompTIA Security+ Chapter Four ReviewDCPS
 
Aryan_VPN_PPT.pptx
Aryan_VPN_PPT.pptxAryan_VPN_PPT.pptx
Aryan_VPN_PPT.pptxaryankaul178
 
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | WebinarHow to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | WebinarPLUMgrid
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALLMoin Islam
 
Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networksprimeteacher32
 
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...Amazon Web Services
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajan Kumar
 

Similar to Attacking VPN's (20)

Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
Vp ns
Vp nsVp ns
Vp ns
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Virtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdfVirtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdf
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information Transparency
 
Realtime web experience with signalR
Realtime web experience with signalRRealtime web experience with signalR
Realtime web experience with signalR
 
CompTIA Security+ Chapter Four Review
CompTIA Security+ Chapter Four ReviewCompTIA Security+ Chapter Four Review
CompTIA Security+ Chapter Four Review
 
Aryan_VPN_PPT.pptx
Aryan_VPN_PPT.pptxAryan_VPN_PPT.pptx
Aryan_VPN_PPT.pptx
 
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | WebinarHow to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
 
VPN
VPNVPN
VPN
 
Vp ns
Vp nsVp ns
Vp ns
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALL
 
Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvp
 
Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networks
 
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
VPN
VPN VPN
VPN
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxGal Baras
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfSiskaFitrianingrum
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxlaozhuseo02
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxabhinandnam9997
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理aagad
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shoplaozhuseo02
 

Recently uploaded (12)

How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
The Best AI Powered Software - Intellivid AI Studio
The Best AI Powered Software - Intellivid AI StudioThe Best AI Powered Software - Intellivid AI Studio
The Best AI Powered Software - Intellivid AI Studio
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdf
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
Stay Ahead with 2024's Top Web Design Trends
Stay Ahead with 2024's Top Web Design TrendsStay Ahead with 2024's Top Web Design Trends
Stay Ahead with 2024's Top Web Design Trends
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 

Attacking VPN's

  • 2. Who am i? • Web application & Network pentester • Malware reverse engineering • Regular to Null Hyderabad chapter • Email: Abdul.Adil@connectica.in • Website: Connectica.in • Twitter:@AbdulAdil02
  • 3. Agenda • What & Why VPN? • Types of VPN • VPN Internals • VPN issues • Demo • Questionnaire?
  • 4. What & Why VPN? • VPN stands for “Virtual private network”. • It extends a private network across a public network (internet). • It establishes a virtual point-to-point connection. • Connection is encrypted!.
  • 6. Type of VPN protocol • PPTP • IPSec • SSL VPN • Hybrid VPN
  • 7. Types of VPN protocol • PPTP(Point to point tunneling protocol): This is the most common and widely used VPN protocol. They enable authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication. • IPSec: Trusted protocol which sets up a tunnel from the remote site into your central site. As the name suggests, it’s designed for IP traffic. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage.
  • 8. VPN protocol & types •SSL VPN:SSL or Secure Socket Layer is a VPN accessible via https over web browser. SSL creates a secure session from your PC browser to the application server you’re accessing. The major advantage of SSL is that it doesn’t need any software installed because it uses the web browser as the client application. •Hybrid VPN: It combines the features of SSL and IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and bound to be expensive.
  • 11. VPN appliance and applications VPN Appliance VPN application
  • 12. VPN issues • Some of the protocols provide weak encryptions. • Vulnerable to brute force attacks as there is only one DES 56bit key to crack. • RC4 cipher which is used for encryption does not doesn’t helps us with the integrity of the data. • If not configure properly it can lead to leakage of data over network(Port fail vulnerability).
  • 13.
  • 15. Thanks to Null Hyderabad.