Description: In 2011 MiTM attacks are still a valid and extremely successful attack vector. Exploiting it often requires knowledge of multiple tools and physical access to the network or proximity to an access-point. Easy-Creds takes the MiTM automation to the next level, bringing high-percentage MiTM attacks to the masses. Easy-Creds was recently added to the BackTrack (BT) repository and is slated for inclusion in the next BT base distribution. After performing enterprise assessments for many organizations, and frequently attempting a MiTM attack, via ARP poisoning; the extremely high success rate is remarkable even though this attack has been around and discussed for almost a decade. During this talk we will review the reasons why MiTM is still a valid attack and seldom defended, how to execute an effective attack, the usage of Easy-Creds and demonstrate how to run Easy-Creds for attack simulation engagements.
Tags: Hack3rcon 2011 , Eric Milam , MiTM ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
On the extra tools section of the video (~12:40) I would also recommend war driving tools such as a tool to map precise locations of clients/access points as well as another tool I came across that has a huge database that will display the location of a networks MAC address on a map(can't think of the name right now...)
If you can remember the tool...let me know and I'll see if I can't work it in.