https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63734#M970 <P>It's still a "man-in-the-middle" attack, because none of the other answers fit.&nbsp;&nbsp;<EM>How</EM> it happens all depends on the talents of the attacker.</P><P>&nbsp;</P><P><A href="https://docs.broadcom.com/doc/responsibly-intercepting-tls-and-the-impact-of-tls-1.3.en" target="_blank" rel="noopener">This Broadcom guide</A> offers a brief suggestion on how such an attack could occur, for reference.</P> Thu, 19 Oct 2023 13:08:27 GMT ericgeater 2023-10-19T13:08:27Z https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63730#M969 <P>Hi All,</P><P>&nbsp;</P><P>As per official guide correct answer for below question is C: "Man&nbsp; in the middle". Can anyone explain how attcker will be to read TLS encrypted communication in this case?</P><P>&nbsp;</P><P><STRONG>Question : The following figure shows an example of an attack where Mal, the attacker, has redirected</STRONG><BR /><STRONG>traffic from a user’s system to their own, allowing them to read TLS encrypted traffic. Which</STRONG><BR /><STRONG>of the following terms best describes this attack?</STRONG></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Sundas_0-1697709048148.png" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/7846i8066457723AB90ED/image-size/medium?v=v2&amp;px=400" role="button" title="Sundas_0-1697709048148.png" alt="Sundas_0-1697709048148.png" /></span></P><P>A. A DNS hijacking attack<BR />B. An ARP spoofing attack<BR />C. A man-in-the-middle attack<BR />D. A SQL injection attack</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 19 Oct 2023 09:53:04 GMT https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63730#M969 Sundas 2023-10-19T09:53:04Z https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63734#M970 <P>It's still a "man-in-the-middle" attack, because none of the other answers fit.&nbsp;&nbsp;<EM>How</EM> it happens all depends on the talents of the attacker.</P><P>&nbsp;</P><P><A href="https://docs.broadcom.com/doc/responsibly-intercepting-tls-and-the-impact-of-tls-1.3.en" target="_blank" rel="noopener">This Broadcom guide</A> offers a brief suggestion on how such an attack could occur, for reference.</P> Thu, 19 Oct 2023 13:08:27 GMT https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63734#M970 ericgeater 2023-10-19T13:08:27Z https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63737#M971 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/62028885">@Sundas</a>&nbsp;wrote:<BR /><P>Can anyone explain how attacker will be to read TLS encrypted communication in this case?</P><HR /></BLOCKQUOTE><P><BR />MITM/AITM (Adversary in the middle) is a necessary, but not sufficient step. More components are necessary:</P><P>&nbsp;</P><OL><LI>The AITM could keep a copy of the encrypted communications until technology has evolved to break it.</LI><LI>The AITM could steal the right-side TLS private-key and use it to act as a server on the left side, proxying the communications as a client on the right side.</LI><LI>&nbsp;The MITM inserts their own CA into the left-hand side so they can issue certificates and proxy as above.</LI></OL><P>When done by (questionably) good actors, such as the corporate firewall, this is called "SSL Inspection", which is a good term to Google for a deeper explanation.</P><P>&nbsp;</P><P><SPAN>Many technologies (pinning, stapling, CAA) are being developed to address this risk, with varying success.</SPAN></P><P>&nbsp;</P> Thu, 19 Oct 2023 13:40:42 GMT https://community.isc2.org/t5/CISSP-Study-Group/Man-in-the-Middle-and-TLS/m-p/63737#M971 denbesten 2023-10-19T13:40:42Z