PenTest Edition: Creating A Man-in-the-Middle Attack using Cain & Abel [Tutorial]

A man-in-the-middle attack occurs when an attacker sits in the middle of the communication between two victim devices, secretly relaying information back-and-forth on their behalf. It can be thought of as active eavesdropping. The attacker cannot only see the communication traveling to-and-from the victim devices, but can also inject his own malicious traffic. With this ...

How Hackers Still Manage to Steal Facebook Passwords: How You Can Protect Yourself

Throughout the years of Facebook hacking, hackers have discovered plenty of different methods for stealing Facebook credentials. Some are straightforward; others quite clever. But, just like a cat-and-mouse game, Facebook responds with an additional security feature to protect our accounts. Thus, many of the older and easier methods of acquiring Facebook credentials are going obsolete. ...

Decrypting HTTPS Traffic

Hypertext Transfer Protocol over SSL (https)  is pretty decent security. This is because https uses the Secure Sockets Layer (SSL) encryption scheme to pass keys between two parties over the Internet. These days, however, most of our Web servers are utilizing Transport Layer Security (TLS 1.2), which is an updated version of SSL 3.0. Therefore, ...

How Does HTTPS Work? The TLS Handshake Explained

http is inherently vulnerable to MitM attacks because client-server communication is transmitted in plaintext over the Internet. This makes http sessions vulnerable to MitM, Session Hijacking, and other dangerous attacks. To remediate this vulnerability, security researchers created https, which stands for Hypertext Transfer Protocol over SSL encryption. Note: Since 2008, we've been using TLS 1.2, ...