49. Post Connection Attacks Overview

OK, now that you know how to gain access to networks, even if they use encryption and even if they

implement a large number of security features in the section, we're going to talk about the post connection

attacks.

So the attacks that you can do after you connect to a network.

Now, all of the attacks that we're going to talk about here will work against wi fi and Ethernet or

wire networks.

You just need to make sure that you're actually connected to that network.

So throughout the section, I'm going to be running some of the attacks against a wireless network after

connecting to it, or I'm going to be running it against the virtual not network, which acts exactly

as an Internet network, just to prove to you that this will work against both Wi-Fi and wired networks.

So in the first subsection of this section, we're going to visit some basics and I'm going to show

you how to manually run an ERP spoofing attack, become the man in the middle, sniff data, bypass

https, do DNS spoofing, add more cool stuff that you might already know how to do using scripts such

as Man in the Middle.

Now the word manually is highlighted here because I want you to know how to do this independent of scripts

that will do everything for you, because once you know how to do stuff manually if scripts fail,

then you'll be able to fix it or know where it's going wrong and fix that.

And you'll also be able to kind of take out each of these components and plug it into your own network

and then and then run your more powerful attack.

I will also show you how to bypass some security features if they're implemented on the other side and

still be able to run your IRP spoofing without triggering any alarm.

No, this is all going to be the first subsection of this section.

In the next subsection.

I'm going to show you how to analyze data flows and start building up your own attacks.

So if you have an idea of an attack and there is no tool that does that attack for you, I'm going to

show you how to, first of all, analyze, see what happens when someone does something or how do you

want this attack to be triggered.

And then I'm going to show you how to run this attack and get it to work.

So we're going to be, first of all, showing you some attacks that in the middle have already implements,

such as injecting JavaScript or modifying HTML code, which you're going to be doing that manually.

You're going to be creating that attack manually.

So you want to be dependent on tools such as Man in the Middle.

And then and the last subsection of this section is where everything clicks together.

So I'm actually going to show you how to write your own scripts to run your own attacks.

So we're going to be doing attacks that there are no tools around that do it.

We're going to show you how to, first of all, think of an attack and then I'm going to show you how

to write a script that will execute this attack for you.

So you won't have to do it manually every time you want to run it.

I'm going to be talking about each component and each part of creating your own attack separately,

so we're going to be talking about analyzing data flows and analyzing what happens when someone does

something on the network.

We're going to talk about how to come up with an attack and then we're going to talk about how to test

it and implement that attack.

So by the end of the section, you're going to be able to implement any attacks that you think of,

even if there is no tools that do it for you.

You're going to be able to sit down, analyze and write and build up your own attack.

So this is crucial because in a lot of scenarios, you might have an idea and this idea will actually

work, but you might not have the skills to put it to make it work practically.

So by the end of this course, you'll be able to do such things.

And I'm actually as an example, we're going to be building a tool that's going to create a Trojan out

of any files that any person downloads and the same network.

So there is nothing around the Internet that does that.

And this just goes to show you how you can use the information here to build up any attack that you

can think of.