The recent Uber and Revolut hacks revealed the importance of identity and access management as a way to protect against social engineering attacks and mitigate security breaches. We will show a live demo that provides context around the usage of transparent proxies and demonstrates how a man-in-the-middle toolkit, like Evilginx or Muraena, can be used to steal sessions of popular websites, such as Facebook, LinkedIn or GitHub. A step-by-step tutorial will present how user accounts can be hijacked, even when protected by 2FA mechanisms.
The goal of this talk is to:
- Explain what a transparent proxy is, and how it can be used for malicious purposes
- Present popular MITM toolkits
- Raise awareness of the issue by showcasing a possible attack
Session author bios
Natalia is a software engineer at Canonical, currently working in the Identity team on IAM solutions. Her main areas of interest include cybersecurity and cryptography.
Level of Difficulty: Intermediate