Subterfuge: The Automated Man-in-the-Middle Attack Framework

DEF CON 20

Presented by: Christopher Shields, Matthew Toussain
Date: Sunday July 29, 2012
Time: 16:00 - 16:50
Location: Track 3

Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a framework to take the arcane art of Man-in-the-Middle attacks and make it as simple as point and shoot. Subterfuge demonstrates vulnerabilities in the Address Resolution Protocol (ARP) by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…

A rapidly expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework that provides instantaneous results. In contrast, much of the information security community still finds itself performing manual, complicated tasks to administer and protect its computer networks. The purpose of this presentation is to discuss a new Man-in-the-Middle attack tool called Subterfuge. Subterfuge is a simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently trusting Address Resolution Protocol. It does this in such a way that even a non-technical user can, at the push of a button, attack all machines connected to the network. Subterfuge further provides the framework by which users can then leverage a MITM attack to do anything from browser/service exploitation to credential harvesting, thus equipping information and network security professionals and enthusiasts alike with a sleek “push-button” security validation tool.

Matthew Toussain

Matthew M. Toussain developed the Air Force’s introductory Cyber Warfare curriculum at the United States Air Force Academy, promoting information assurance through a ten-day, fast-paced, offense-focused program. As a senior at the Academy, he participates in national and international cyber competitions with the AF Academy’s Cyber Competition Team.

Twitter: @0sm0s1z
Facebook: mtoussain
http://code.google.com/p/subterfuge/

Christopher Shields

Christopher Shields, Lieutenant in the United States Air Force, was the first-ever Cyber Commander, pioneering the United States Air Force Academy's intensive summer curriculum. As an integral four-year member of the Academy's internationally recognized Cyber Warfare Competition Team, he drove their 2012 Cyber Defense Exercise win, hosted by the NSA, and their second-place finish at the 2012 National Collegiate Cyber Defense Competition. A Cyberspace Operations Officer, Lieutenant Shields holds a Computer Science-Cyber Warfare degree. His growing experience and interests include network penetration testing, network mapping and enumeration, intrusion detection, exploitation and persistence, and security research.

