A Highly Scalable and Reduced-Risk Approach to Learning Network Man-in-the-Middle (MITM) and Client-Side Exploitation (CSE)

Abstract

Man-in-the-middle attacks are commonly used by penetration testers and malicious hackers to intercept, monitor and manipulate network traffic. MITM attacks may take place at the first four networking layers and are often used in exploit-chains to spread laterally within a target network. In this paper, we describe the various types of MITM attacks and how they can be used to deliver effective client-side exploits. Various challenges commonly encountered are discussed followed by a novel approach that significantly lowers risks while simultaneously enriching the learning experience for students. We discuss the introduction of this approach into the classroom environment and student feedback. We conclude with a discussion of future development objectives and a summary of our key findings.