Learn about one of the key threats to modern systems: spoofing, or authentication attacks. Explore ways that attackers spoof people, machines, file systems, and processes.
Overview
Syllabus
Introduction
- Mitigate spoofing threats
- Four-question framework
- Spoofing as a part of STRIDE
- Account creation
- Authentication factors
- Attacking what you know
- Attacking what you have
- Attacking what you are
- Attacking where you are
- Attacking who you know
- Attacking phone authentication
- Spoofing a host
- Advanced host spoofing
- Spoofing the OSI model
- What you know in host spoofing
- Spoofing TLS
- Spoofing a specific person in email
- Spoofing a person on a website
- Spoofing a person in video and audio
- The nature of "open" and paths
- Libraries (LD_PATH, %Downloads%)
- Defenses with extra fail
- Next steps
Taught by
Adam Shostack
