March 18, 2014 at 6:30 PM
ISSA National Capital Chapter February meeting topic:
Man-in-the-Browser Session Hijacking
by Raphael Mudge, Strategic Cyber LLC
Two-factor authentication is mainstream now. Most major web services have it as an option. Is this the end of phished accounts? No. Attackers will simply shift tactics.
This talk walks through a man-in-the-browser attack to hijack authenticated web sessions. You will learn different ways a browser may identify itself to a server and one way an attacker can hijack these, regardless of the two-factor user authentication in place.
About the Speaker
Raphael Mudge is the founder and Principal at Strategic Cyber LLC. His company’s software, Cobalt Strike, helps pen testers and red teams emulate advanced threats. http://www.advancedpentest.com/