[Workshop - DMV] SSL/TLS Session Hijack using SSLStrip and DNS spoofing
Tell a Friend About This EventTell a Friend

When: Saturday, October 21st
from 1 to 6 pm
Where: University of Maryland
Computer Science Instructional Center (CSIC), Bldg 406
Rm 1121
College Park, Maryland 
United States
Presenter: Ahmed Ibrahim - Lecturer of Computer Science at the University of Virginia

Online registration is closed.
« Go to Upcoming Event List  

SSL/TLS Session Hijack using SSLStrip and DNS spoofing - Saturday 10/21/2017 (12:30 - 6:00)



This is a hands-on workshop where you will put into practice those things you may have read about or covered in a class. This is also a great opportunity to meet other like-minded women and to keep your skills fresh if you're a veteran! You will also earn continuing education credits towards your certification renewal.  

Level: 100 


Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered.  These courses are meant to be introductory level, or provide the training for entry level certifications.


Level 200 courses are designed for students with some security experience, looking to advance or learn in new topics.


Level 300 courses are designed to offer expert level courses and training on specific topics.  Typically, a general understanding and knowledge of the topic being presented is an expected prerequisite.  

**No one is excluded from attending a course at a level higher than their current experience.  However, the course will move at the pace designed for the level of the course.

Where do I fit? See full description here.


Topic Details:

This workshop will introduce symmetric and asymmetric key encryption to the audience. You will then understand how both types are used together to provide secure communications like SSL/TLS. The first exercise will show how   SSLStrip can easily allow attackers to deceive casual untrained web users in order  to obtain their login credentials. In this exercise, the attacker will perform a man-in-the-middle attack to establish an insecure session with the victim and establish a legitimate connection with the server. The second exercise will show a vulnerability which some Certificate Authorities has in 2009 which allow attackers to impersonate CAs and intercept communication without the victim noticing any change in the secure URL they are visiting. The last exercise will demonstrate how a DNS spoofing attack can redirect victims to malicious servers. In this exercise, the attacker will spoof DNS replies to the victim in order to redirect the browser to the a malicious website.

Objectives – What You Will Leave Knowing

  • What is the difference between symmetric and asymmetric key encryption
  • How symmetric and asymmetric key encryption are being used together in security protocols
  • How does SSL/TLS work
  • How an active attacker can hijack SSL/TLS sessions
  • How an active attacked can impersonate CAs
  • How an active attacked can redirect victims to malicious websites by spoofing DNS replies


Ahmed   Ibrahim   is   a   Lecturer   of   Computer   Science   at   the   University   of   Virginia.   Ahmed   currently teaches   “Network   Security”   and   has   been   focusing   on   providing   hands-on   exercises,   to   the students,   which   complement   the   classroom   concepts.   He   attended   several   conferences   and workshops   to   develop   such   exercises.   To   offer   his   students   an   experience   they   will   retain   for   a long   time,   Ahmed   hires   enthusiastic   students   to   develop   such   exercises   for   academic   classroom settings.   Also,   at   the   end   of   the   semester   he   runs   an   “Awareness   Hour”   event   where   his students   present   what   they   learned   in   the   class   to   other   students   in   the   university.

Prerequisites – What You’re Expected to Know

     Basic knowledge of technology

     Basic knowledge of how the Internet works

     Basic knowledge of the difference between HTTP and HTTPS

     Efficient use of VirtualBox

     Ability to import and configure VMs


01:00 - 01:30 Lunch, networking, prep

01:30 - 02:30 Intro to symmetric and asymmetric encryption

02:30 - 03:00 Intro to SSL/TLS

03:00 - 03:15 BREAK

03:15 - 04:00 SSL/TLS Session Hijacking using SSLStrip

04:00 - 04:45 Using fake digital certificates using SSLSniff

04:45 - 05:00 Intro to DNS

05:00 - 05:30 DNS spoofing attack

05:30 - 06:00 Wrap-up, Q&A


  • Laptop, 8GB RAM, 20GB of free hard disk space (Note: if you have less than 8GB RAM, you will notice a degradation in the performance)
  • Windows or Mac machine, native (host).  Microsoft offers trial versions.
  • VirtualBox (latest version)
  • Custom VMs and material: link provided after registration

You can still participate in this workshop as an observer if you do not have a computer available. 

Remote and Male Associate Member Participation:

Once registered, you'll receive the meeting participation info by email the day before the workshop. Expect to join 15-30 minutes prior to test your technical configurations. It’s recommended that you have a 2nd monitor to view the screen-sharing.

NOTE: For remote participants, you need to make sure you own the network you are operating on. Example: Your home network. Please don’t perform this activity on networks you don’t own. Example: University network, Starbucks network, etc.


Early Bird Special!!! 40% off for Onsite

Full/Student/Military Member:  $80

Associate Member and Remote Attendee: $35

Non-Member: $120


University of Maryland

Computer Science Instructional Center (CSIC) - Bldg 406, Rm 1121


Free Parking.