Student Projects (2023-2024)

Reports and/or videos might contain some technical inaccuracies. Videos last between 10 and 15 minutes. Listing order is random.

I think all these works are quite interesting.

Windows

NTLM Relay:

  • Attacker becomes MiTM with DNS spoofing; authenticates to selected victim with NTLM relay; executes a reverse shell on the victim and interacts with the shell through proxychains. Tools: responder, ettercap, msfvenom, ntlmrelayx and others. Report.
  • Attacker becomes MiTM in two different ways: LLMNR spoofing and fake DHCP responses; authenticates to selected victim with NTLM relay; shows the effectiveness of LDAP signing. Tools: responder, ettercap, ntlmrelayx and others. Report. Video.

Active Directory "realistic" attack:

  • AS-REP roasting, reverse shell on machine of domain admin, stealing of alternate authentication material with meterpreter (Kiwi). Tools: ldapsearch, impacket, john, msfvenom and others. Report. Video.
  • AS-REP roasting. AS-REQ sniffing as MiTM (ARP poisoning) and cracking. Tools: impacket, ettercap, hashcat. Report. Video.

Misc

Log4j exploitation (Java deserialization) on Minecraft server. The vulnerability impact is no-auth RCE. Report.

Exploit injection in home router for modifying DNS configuration. Report. Video.

WiFi attack: disconnecting a target and impersonating a malicious access point with the same name as the "real" network (evil twin). Tool: Wifiphisher. Report. Video.

Automatic Phishing Campaign Targeting UNITS Students. Mail server responsible for a domain whose name contains Unicode characters that are hardly distinguishable from the "legitimate ones". Tools: postfix, dovecot. Report. Video.

Pastejacking: you copy and paste what you believe is a code snippet while in fact it is an entirely different snippet (that spawns a reverse shell on your machine). Persistence and keylogging. Tools: powershell, netcat, schtasks, wscript. Report. Video.

Reverse shell and Denial of service with persistence on an Ubuntu virtual machine. Report.

Keylogger installed by spearphishing and data extraction by SMB. Report.

DNS spoofing for web site impersonation (ettercap, ARP poisoning). Report.

Threat intelligence

Python scripts for extracting MITRE ATT&CK techniques from web pages and for building navigator layers. GitHub repository.

Vulnhub

Vulnhub is a web site with a large collection of virtual machines designed for exercising attacks. Many detailed writeups are available (see also this page).

Attacks tend to follow a common pattern: initial access with password guessing (less often with vulnerability exploitation) followed by privilege escalation with some "Linux trick" (or with vulnerability exploitation). Usage of reverse shells and/or web shells is relatively common.

Metasploitable

Attacks on Metasploitable3:

  • Tools: metasploit, mimikatz (kiwi). Report.
  • Persistence with web shell. Report. Video.

Attacks on Metasploitable2 Ubuntu. Report.

Web

OWASP Juice Shop challenges:

Stored XSS on OWASP WebGoat (Note: XSS vulnerabilities are not discussed in this course). Report. Video.

Brute force and SQL injection against OWASP DVWA. Report.