Category: Cryptography

Read about the different types of encryption, tunneling protocols, e-mail encryption protocols, and Public Key Infrastructure

The Recent 4G LTE Network Vulnerabilities and Attacks

In this blog post, I'll discuss the design and operation of a 4G LTE network. In hindsight, I realize topics such as these can get extremely lengthy. For that reason, I'll limit this discussion down to only the necessary technical details required to understand these new LTE attacks, while excluding any complicating, non-essentials. These new ...

PenTest Edition: Capture Images That Network Users Are Looking at Using Driftnet and WebSploit

WebSploit is an advanced MitM framework of penetration testing tools used to assess wired/wireless network security, web vulnerabilities, and exploitation techniques. This demonstration uses the network/mitm module to set up a Man-in-the-Middle (MitM) attack between the target and the gateway in addition to using Driftnet to steal any unencrypted (and possibly encrypted) images that the ...

HTTPS: The TLS Handshake Using Diffie-Hellman Ephemeral

A client securely connects to a web server via the TLS 1.2 transport encryption protocol. This is a process that starts with asymmetric cryptography and ends with symmetric cryptography. As a refresher, recall that asymmetric cryptography uses a public and private key pair, whereas symmetric cryptography uses only one shared key. I published a blog ...

Methods of Authentication: PPP, AAA, and EAP

How do we authenticate when we login to another device or an application? It's much more than just entering a username and password, right? Well, there are actually many ways to authenticate! I'll discuss some of the main ones we use and what goes on behind the scenes. Point-to-Point Protocols (PPP) If you're familiar with ...