Uploaded byAhmadThaqifAimanAhma
PPTX, PDF725 views

Man in the middle

A man-in-the-middle attack is where an attacker secretly relays communications between two parties who believe they are directly communicating, allowing the attacker to intercept and potentially alter these communications. There are two main types - one using physical proximity to intercept wireless communications, and one using malware to intercept communications. Some common man-in-the-middle attack techniques aim to spoof IP addresses, DNS information, HTTPS secure connections, SSL encryption, email sender addresses, or eavesdrop on Wi-Fi networks to intercept user communications and credentials.

Embed presentation

Downloaded 16 times
MAN IN THE MIDDLE
DEFINATION  In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
MITM ATTACKS: CLOSE TO YOU OR WITH MALWARE  Man-in-the-middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware. This second form, like our fake bank example above, is also called a man-in-the-browser attack.  With a traditional MITM attack, the cybercriminal needs to gain access to an unsecured or poorly secured Wi-Fi router. These types of connections are generally found in public areas with free Wi-Fi hotspots, and even in some people’s homes, if they haven’t protected their network. Attackers can scan the router looking for specific vulnerabilities such as a weak password.
THE FLOW OF CRIME
6 TYPES OF MAN-IN-THE-MIDDLE ATTACKS 1. IP spoofing Every device capable of connecting to the internet has an internet protocol (IP) address, which is similar to the street address for your home. By spoofing an IP address, an attacker can trick you into thinking you’re interacting with a website or someone you’re not, perhaps giving the attacker access to information you’d otherwise not share. 2. DNS spoofing Domain Name Server, or DNS, spoofing is a technique that forces a user to a fake website rather than the real one the user intends to visit. If you are a victim of DNS spoofing, you may think you’re visiting a safe, trusted website when you’re actually interacting with a fraudster. The perpetrator’s goal is to divert traffic from the real site or capture user login credentials.
3. HTTPS spoofing When doing business on the internet, seeing “HTTPS” in the URL, rather than “HTTP” is a sign that the website is secure and can be trusted. In fact, the “S” stands for “secure.” An attacker can fool your browser into believing it’s visiting a trusted website when it’s not. By redirecting your browser to an unsecure website, the attacker can monitor your interactions with that website and possibly steal personal information you’re sharing. 4. SSL hijacking When your device connects to an unsecure server — indicated by “HTTP” — the server can often automatically redirect you to the secure version of the server, indicated by “HTTPS.” A connection to a secure server means standard security protocols are in place, protecting the data you share with that server. SSL stands for Secure Sockets Layer, a protocol that establishes encrypted links between your browser and the web server.
5. Email hijacking Cybercriminals sometimes target email accounts of banks and other financial institutions. Once they gain access, they can monitor transactions between the institution and its customers. The attackers can then spoof the bank’s email address and send their own instructions to customers. This convinces the customer to follow the attackers’ instructions rather than the bank’s. As a result, an unwitting customer may end up putting money in the attackers’ hands. 6. Wi-Fi eavesdropping Cybercriminals can set up Wi-Fi connections with very legitimate sounding names, similar to a nearby business. Once a user connects to the fraudster’s Wi-Fi, the attacker will be able to monitor the user’s online activity and be able to intercept login credentials, payment card information, and more. This is just one of several risks associated with using public Wi-Fi. You can learn more about such risks here.

More Related Content

PPTX
Man in the middle attack .pptx
byPradeepKumar728006
 
PPTX
Man in the middle attack (mitm)
byHemal Joshi
 
PPTX
Man in The Middle Attack
byDeepak Upadhyay
 
PPT
Ch04 Network Vulnerabilities and Attacks
byInformation Technology
 
PPTX
Ethical Hacking - sniffing
byBhavya Chawla
 
PPTX
Hacker tooltalk: Social Engineering Toolkit (SET)
byChris Hammond-Thrasher
 
PPTX
Network scanning
byoceanofwebs
 
PPTX
Packet sniffers
byKunal Thakur
 
Man in the middle attack .pptx
byPradeepKumar728006
 
Man in the middle attack (mitm)
byHemal Joshi
 
Man in The Middle Attack
byDeepak Upadhyay
 
Ch04 Network Vulnerabilities and Attacks
byInformation Technology
 
Ethical Hacking - sniffing
byBhavya Chawla
 
Hacker tooltalk: Social Engineering Toolkit (SET)
byChris Hammond-Thrasher
 
Network scanning
byoceanofwebs
 
Packet sniffers
byKunal Thakur
 

What's hot

PDF
Cyber security
byBhavin Shah
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PPTX
Module 2_ Cyber offenses & Cybercrime.pptx
bynikshaikh786
 
PPTX
Introduction to Cryptography
byMd. Afif Al Mamun
 
PDF
Cybersecurity Awareness Training Presentation v1.0
byDallasHaselhorst
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PPTX
MALWARE AND ITS TYPES
bydaniyalqureshi712
 
PPTX
Network attacks
byManjushree Mashal
 
PPTX
Denial of service
bygarishma bhatia
 
PPTX
Firewall presentation
byAmandeep Kaur
 
PPT
Keyloggers and Spywares
byAnkit Mistry
 
PPT
Introduction to Cyber Security
byStephen Lahanas
 
PPTX
Network Security: Attacks, Tools and Techniques
bywaqasahmad1995
 
PDF
What is Network Security?
byFaith Zeller
 
PPTX
Password management
byWilmington University
 
PPTX
Hash function
bySalman Memon
 
PPTX
Trojans and backdoors
byGaurav Dalvi
 
PPT
Types of attacks and threads
bysrivijaymanickam
 
PPTX
Rootkits
byTharinduUdaraRanasin
 
PPTX
Transport layer security (tls)
byKalpesh Kalekar
 
Cyber security
byBhavin Shah
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Module 2_ Cyber offenses & Cybercrime.pptx
bynikshaikh786
 
Introduction to Cryptography
byMd. Afif Al Mamun
 
Cybersecurity Awareness Training Presentation v1.0
byDallasHaselhorst
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
MALWARE AND ITS TYPES
bydaniyalqureshi712
 
Network attacks
byManjushree Mashal
 
Denial of service
bygarishma bhatia
 
Firewall presentation
byAmandeep Kaur
 
Keyloggers and Spywares
byAnkit Mistry
 
Introduction to Cyber Security
byStephen Lahanas
 
Network Security: Attacks, Tools and Techniques
bywaqasahmad1995
 
What is Network Security?
byFaith Zeller
 
Password management
byWilmington University
 
Hash function
bySalman Memon
 
Trojans and backdoors
byGaurav Dalvi
 
Types of attacks and threads
bysrivijaymanickam
 
Rootkits
byTharinduUdaraRanasin
 
Transport layer security (tls)
byKalpesh Kalekar
 

Similar to Man in the middle

PPTX
Man in the Middle.pptx
byAVNIKASODARIYA
 
PDF
cyber security
byNaveed Ahmed Siddiqui
 
PPTX
Advance Web Vulnerabilities Chapter 3 to 5
byarjayVicencio
 
PPTX
Man in the Middle.pptx
byanwarsnied2
 
PDF
Information Systems Audit - Auditing Information Systems
byssuser557ea5
 
PDF
Cybersecurity 101: Protecting Data, Accounts, and Digital Assets in a Connect...
byYellow Slice
 
PPTX
Kinds of cybercrime (Social Networking for Social integration .pptx
byDavidsonTuban
 
PDF
Cybersecurity Awareness: Protecting Data, Finance & Digital Identity
byYellow Slice
 
PDF
Cybersecurity
byYellow Slice
 
PDF
7 Ways Man-in-the-Middle Attacks Exploit Public Wi-Fi Users
bycivil hospital parasia
 
PPTX
mobile security.pptx
byTapan Khilar
 
PPT
slide network security cs 5950 6030 class 27
byiotatangleisec
 
PPTX
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
byNiharikaGuptas
 
PPT
Unauthorized access, Men in the Middle (MITM)
byBalvinder Singh
 
PPTX
Middle man cheating
bytarunikahsundrajahpi
 
PPTX
basics of hacking- threat basics, types of attack
byPILAMPIRAYAsstProfes
 
PPTX
lect 8_10Man in middle.pptxcfvbhcfvfhfdhfdhf
byzmulani8
 
PPTX
Man in the Middle.pptx
byJoseUlisesPaicoColla1
 
PDF
7 Ways Man-in-the-Middle Attacks Exploit Public Wi-Fi Users
bycivil hospital parasia
 
PPTX
cyber_crim.pptx
byVishwanath976500
 
Man in the Middle.pptx
byAVNIKASODARIYA
 
cyber security
byNaveed Ahmed Siddiqui
 
Advance Web Vulnerabilities Chapter 3 to 5
byarjayVicencio
 
Man in the Middle.pptx
byanwarsnied2
 
Information Systems Audit - Auditing Information Systems
byssuser557ea5
 
Cybersecurity 101: Protecting Data, Accounts, and Digital Assets in a Connect...
byYellow Slice
 
Kinds of cybercrime (Social Networking for Social integration .pptx
byDavidsonTuban
 
Cybersecurity Awareness: Protecting Data, Finance & Digital Identity
byYellow Slice
 
Cybersecurity
byYellow Slice
 
7 Ways Man-in-the-Middle Attacks Exploit Public Wi-Fi Users
bycivil hospital parasia
 
mobile security.pptx
byTapan Khilar
 
slide network security cs 5950 6030 class 27
byiotatangleisec
 
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
byNiharikaGuptas
 
Unauthorized access, Men in the Middle (MITM)
byBalvinder Singh
 
Middle man cheating
bytarunikahsundrajahpi
 
basics of hacking- threat basics, types of attack
byPILAMPIRAYAsstProfes
 
lect 8_10Man in middle.pptxcfvbhcfvfhfdhfdhf
byzmulani8
 
Man in the Middle.pptx
byJoseUlisesPaicoColla1
 
7 Ways Man-in-the-Middle Attacks Exploit Public Wi-Fi Users
bycivil hospital parasia
 
cyber_crim.pptx
byVishwanath976500
 

Recently uploaded

PPT
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PDF
Micro project .pdf drone technology Report
byRenitaMamgain
 
PPTX
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
PPTX
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PPTX
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
PDF
How Social Media Management Tools Work – Step-by-Step Guide
byTurrboo
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PPTX
ChatGPT on education positively snd negatively
by88rtgpscxx
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PDF
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
PPTX
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
PPTX
Bibhav Singh.pptx it's very useful for us it's in very good and very nice
byabhishekjaiswal5th33
 
PPT
Memory Organization In Assembly Language
byumairmuhammad0409
 
PPTX
Ideathon template.pptx it is a ideathon template
bykonav71133
 
PPTX
Computer Science Degree for College .pptx
byHanenek1
 
PPTX
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
PDF
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
Micro project .pdf drone technology Report
byRenitaMamgain
 
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
How Social Media Management Tools Work – Step-by-Step Guide
byTurrboo
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
ChatGPT on education positively snd negatively
by88rtgpscxx
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
Bibhav Singh.pptx it's very useful for us it's in very good and very nice
byabhishekjaiswal5th33
 
Memory Organization In Assembly Language
byumairmuhammad0409
 
Ideathon template.pptx it is a ideathon template
bykonav71133
 
Computer Science Degree for College .pptx
byHanenek1
 
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 

Man in the middle

  • 1.
    MAN IN THEMIDDLE
  • 2.
    DEFINATION  In cryptographyand computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
  • 3.
    MITM ATTACKS: CLOSETO YOU OR WITH MALWARE  Man-in-the-middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware. This second form, like our fake bank example above, is also called a man-in-the-browser attack.  With a traditional MITM attack, the cybercriminal needs to gain access to an unsecured or poorly secured Wi-Fi router. These types of connections are generally found in public areas with free Wi-Fi hotspots, and even in some people’s homes, if they haven’t protected their network. Attackers can scan the router looking for specific vulnerabilities such as a weak password.
  • 4.
  • 5.
    6 TYPES OFMAN-IN-THE-MIDDLE ATTACKS 1. IP spoofing Every device capable of connecting to the internet has an internet protocol (IP) address, which is similar to the street address for your home. By spoofing an IP address, an attacker can trick you into thinking you’re interacting with a website or someone you’re not, perhaps giving the attacker access to information you’d otherwise not share. 2. DNS spoofing Domain Name Server, or DNS, spoofing is a technique that forces a user to a fake website rather than the real one the user intends to visit. If you are a victim of DNS spoofing, you may think you’re visiting a safe, trusted website when you’re actually interacting with a fraudster. The perpetrator’s goal is to divert traffic from the real site or capture user login credentials.
  • 6.
    3. HTTPS spoofing Whendoing business on the internet, seeing “HTTPS” in the URL, rather than “HTTP” is a sign that the website is secure and can be trusted. In fact, the “S” stands for “secure.” An attacker can fool your browser into believing it’s visiting a trusted website when it’s not. By redirecting your browser to an unsecure website, the attacker can monitor your interactions with that website and possibly steal personal information you’re sharing. 4. SSL hijacking When your device connects to an unsecure server — indicated by “HTTP” — the server can often automatically redirect you to the secure version of the server, indicated by “HTTPS.” A connection to a secure server means standard security protocols are in place, protecting the data you share with that server. SSL stands for Secure Sockets Layer, a protocol that establishes encrypted links between your browser and the web server.
  • 7.
    5. Email hijacking Cybercriminalssometimes target email accounts of banks and other financial institutions. Once they gain access, they can monitor transactions between the institution and its customers. The attackers can then spoof the bank’s email address and send their own instructions to customers. This convinces the customer to follow the attackers’ instructions rather than the bank’s. As a result, an unwitting customer may end up putting money in the attackers’ hands. 6. Wi-Fi eavesdropping Cybercriminals can set up Wi-Fi connections with very legitimate sounding names, similar to a nearby business. Once a user connects to the fraudster’s Wi-Fi, the attacker will be able to monitor the user’s online activity and be able to intercept login credentials, payment card information, and more. This is just one of several risks associated with using public Wi-Fi. You can learn more about such risks here.