March18, 2014 at 6:30 PM
ISSA National Capital Chapter February meeting topic:
Man-in-the-Browser Session Hijacking
by Raphael Mudge, Strategic Cyber LLC
Abstract
Two-factor authentication is mainstream now. Most major web services have it as an option. Is this the end of phished accounts? No. Attackers will simply shift tactics.
This talk walks through a man in the browser attack to hijack authenticated web sessions. You will learn different ways a browser may identify itself to a server and one way an attacker can hijack these, regardless of the two-factor user authentication in place.
Demonstrations included.
About the Speaker
Raphael Mudge is the founder and Principal at Strategic Cyber LLC. His company’s software, Cobalt Strike, helps pen testers and red teams emulate advanced threats. http://www.advancedpentest.com/
Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.
Tuesday, March 18, 2014 6:30 PM
Center for American Progress (CAP)
1333 H St. NW
Washington, DC, 20005
Click here for details.