But, here’s your password. Reset it, maybe? Everyone thinks they know about the Man in the Middle. Most places think as long as they have SSL, they’re immune. Attackers know better. But, if the truth is told, even experienced pentesters can look at a MitM foothold and think “Well, now what?” We’ll demonstrate implications of Man in the Middle vulnerability that go beyond the 101. We’ll turn layer 2 weaknesses into corporate compromise by taking common network data, elevating access, gathering credentials, and compromising hosts– and we’ll do it all without raising serious alarms. We’ll show how to do this with custom scripts and filters using injection, iptables, proxying, and SSL middling using BeEF, Ettercap filters, Cain and Able, Metasploit, and more in practical exploitation. This is a demonstration in the true spirit of breaking in quietly and without gimmicks, but with little talked about tactics and more advanced techniques.