SlideShare ist ein Scribd-Unternehmen logo

Attacking VPN's

Als PPTX, PDF herunterladen
n|u - The Open Security Community
n|u - The Open Security Community

Attacking VPN's

Internet
1 von 15
VPN penetration testing By Abdul Adil
Who am i? • Web application & Network pentester • Malware reverse engineering • Regular to Null Hyderabad chapter • Email: Abdul.Adil@connectica.in • Website: Connectica.in • Twitter:@AbdulAdil02
Agenda • What & Why VPN? • Types of VPN • VPN Internals • VPN issues • Demo • Questionnaire?
What & Why VPN? • VPN stands for “Virtual private network”. • It extends a private network across a public network (internet). • It establishes a virtual point-to-point connection. • Connection is encrypted!.
Scenario of VPN usage
Type of VPN protocol • PPTP • IPSec • SSL VPN • Hybrid VPN
Types of VPN protocol • PPTP(Point to point tunneling protocol): This is the most common and widely used VPN protocol. They enable authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication. • IPSec: Trusted protocol which sets up a tunnel from the remote site into your central site. As the name suggests, it’s designed for IP traffic. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage.
VPN protocol & types •SSL VPN:SSL or Secure Socket Layer is a VPN accessible via https over web browser. SSL creates a secure session from your PC browser to the application server you’re accessing. The major advantage of SSL is that it doesn’t need any software installed because it uses the web browser as the client application. •Hybrid VPN: It combines the features of SSL and IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and bound to be expensive.
VPN Internals
VPN Traffic
VPN appliance and applications VPN Appliance VPN application
VPN issues • Some of the protocols provide weak encryptions. • Vulnerable to brute force attacks as there is only one DES 56bit key to crack. • RC4 cipher which is used for encryption does not doesn’t helps us with the integrity of the data. • If not configure properly it can lead to leakage of data over network(Port fail vulnerability).
Twitter:@AbdulAdil02 Email:Abdul.Adil@connectica.in
Thanks to Null Hyderabad.

Empfohlen

Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginners
n|u - The Open Security Community
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)
Sam Bowne
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWS
Teri Radichel
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To Us
Lacework
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
Madhu Akula
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Lacework
 
Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...
Trupti Shiralkar, CISSP
 

Empfohlen

Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginners
n|u - The Open Security Community
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)
Sam Bowne
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWS
Teri Radichel
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To Us
Lacework
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
Madhu Akula
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Lacework
 
Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...
Trupti Shiralkar, CISSP
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
Trupti Shiralkar, CISSP
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
Teri Radichel
 
Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
Cloudflare
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
Teri Radichel
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
Lacework
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
Qrator Labs
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloud
ZIONSECURITY
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
Cloudflare
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWS
Teri Radichel
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
kieranjacobsen
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS Attack
Cloudflare
 
Dark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyDark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander Obozinskiy
Ruby Meditation
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
Lacework
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source Options
Michele Chubirka
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && Wireless
Luis Grangeia
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
Cloudflare
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking In
Guy Podjarny
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
Guy Podjarny
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets management
Kevin Gilpin
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
n|u - The Open Security Community
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
n|u - The Open Security Community
 

Weitere ähnliche Inhalte

Was ist angesagt?

Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
Cloudflare
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
Guy Podjarny
 

Was ist angesagt? (20)

Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloud
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWS
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS Attack
 
Dark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander ObozinskiyDark Insight: the Basic of Security - Alexander Obozinskiy
Dark Insight: the Basic of Security - Alexander Obozinskiy
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source Options
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && Wireless
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking In
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets management
 

Andere mochten auch

Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
n|u - The Open Security Community
 

Andere mochten auch (20)

Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 
DNS hijacking - null Singapore
DNS hijacking - null SingaporeDNS hijacking - null Singapore
DNS hijacking - null Singapore
 
Hacker's jargons
Hacker's jargonsHacker's jargons
Hacker's jargons
 
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flake
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Null Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi HantoucheNull Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi Hantouche
 
News Bytes - December 2015
News Bytes - December 2015News Bytes - December 2015
News Bytes - December 2015
 
Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0
 
Atrium
AtriumAtrium
Atrium
 
IE memory protection Null meet april 2015
IE memory protection Null meet april 2015IE memory protection Null meet april 2015
IE memory protection Null meet april 2015
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
Apparmor
ApparmorApparmor
Apparmor
 
OAuth Tokens
OAuth TokensOAuth Tokens
OAuth Tokens
 
Firewalking
FirewalkingFirewalking
Firewalking
 
Stegano Secrets - Python
Stegano Secrets - PythonStegano Secrets - Python
Stegano Secrets - Python
 
INTELLIGENT FACE RECOGNITION TECHNIQUES
INTELLIGENT FACE RECOGNITION TECHNIQUESINTELLIGENT FACE RECOGNITION TECHNIQUES
INTELLIGENT FACE RECOGNITION TECHNIQUES
 
Managing third party libraries
Managing third party librariesManaging third party libraries
Managing third party libraries
 
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup
 

Ähnlich wie Attacking VPN's

Virtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdfVirtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdf
AceAtigaVallo
 
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
Amazon Web Services
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
Rajan Kumar
 

Ähnlich wie Attacking VPN's (20)

Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
Vp ns
Vp nsVp ns
Vp ns
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Virtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdfVirtual private network chapter 1 PSU.pdf
Virtual private network chapter 1 PSU.pdf
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information Transparency
 
Realtime web experience with signalR
Realtime web experience with signalRRealtime web experience with signalR
Realtime web experience with signalR
 
CompTIA Security+ Chapter Four Review
CompTIA Security+ Chapter Four ReviewCompTIA Security+ Chapter Four Review
CompTIA Security+ Chapter Four Review
 
Aryan_VPN_PPT.pptx
Aryan_VPN_PPT.pptxAryan_VPN_PPT.pptx
Aryan_VPN_PPT.pptx
 
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | WebinarHow to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
 
VPN
VPNVPN
VPN
 
Vp ns
Vp nsVp ns
Vp ns
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALL
 
Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvp
 
Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networks
 
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
VPN
VPN VPN
VPN
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 

Mehr von n|u - The Open Security Community

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
galaxypingy
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
Asmae Rabhi
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 

Kürzlich hochgeladen (20)

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 

Attacking VPN's

  • 2. Who am i? • Web application & Network pentester • Malware reverse engineering • Regular to Null Hyderabad chapter • Email: Abdul.Adil@connectica.in • Website: Connectica.in • Twitter:@AbdulAdil02
  • 3. Agenda • What & Why VPN? • Types of VPN • VPN Internals • VPN issues • Demo • Questionnaire?
  • 4. What & Why VPN? • VPN stands for “Virtual private network”. • It extends a private network across a public network (internet). • It establishes a virtual point-to-point connection. • Connection is encrypted!.
  • 6. Type of VPN protocol • PPTP • IPSec • SSL VPN • Hybrid VPN
  • 7. Types of VPN protocol • PPTP(Point to point tunneling protocol): This is the most common and widely used VPN protocol. They enable authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication. • IPSec: Trusted protocol which sets up a tunnel from the remote site into your central site. As the name suggests, it’s designed for IP traffic. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage.
  • 8. VPN protocol & types •SSL VPN:SSL or Secure Socket Layer is a VPN accessible via https over web browser. SSL creates a secure session from your PC browser to the application server you’re accessing. The major advantage of SSL is that it doesn’t need any software installed because it uses the web browser as the client application. •Hybrid VPN: It combines the features of SSL and IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and bound to be expensive.
  • 11. VPN appliance and applications VPN Appliance VPN application
  • 12. VPN issues • Some of the protocols provide weak encryptions. • Vulnerable to brute force attacks as there is only one DES 56bit key to crack. • RC4 cipher which is used for encryption does not doesn’t helps us with the integrity of the data. • If not configure properly it can lead to leakage of data over network(Port fail vulnerability).
  • 13.
  • 15. Thanks to Null Hyderabad.