Student Projects (2024-2025)
Reports and/or videos might contain some technical inaccuracies. Videos last between 10-15 minutes. Listing order is random.
I think all these works are quite interesting. Order in this page is more or less random.
Misc
Implementation of a realistic phishing infrastructure: Evilginx2 MITM phishing framework, hosted on an Amazon EC2 instance. Lookalike domain name security-git.it registered via Register.it. Report Video
Ransomware through spearphishing. Word document containing a malicious VBA script sent through a spearphishing attachment. Malicious script exfiltrates data and then encrypts it. Report Video
Memory corruption: ROP-Based ret2libc. Exploitation of a memory corruption vulnerability (ASLR disabled, stack canary disabled) Report Video
EvilTwin for WiFi networks implemented with an ESP32 microcontroller. Report Video
Command injection vulnerability in a Discord Bot (the vulnerability was in Python code written in the past by ChatGPT). Report Video
Exploitation of a vulnerability in ElasticSearch. Report Video
Basic activities on Metasploitable3 Report Video
Windows
Many techniques and tools for attacking Active Directory: AS-REP Roasting (impacket, John the Ripper), Discovery (rpcclient, smbclient, BloodHound), Lateral movement with pass-the-hash (CrackMapExec), reverse shell created with msfvenom Report Video
AS-REP Roasting and Kerberoasting. Report Video
Lateral movement and (attempt of) defense evasion in a Windows environment, with user credentials Report Video
Vulnhub
Vulnhub is a web site with a large collection of virtual machines designed for exercising attacks. Many detailed writeups are available (see also this page).
Attacks tend to follow a common pattern: initial access with password guessing (less often with vulnerability exploitation) followed by privilege escalation with some "Linux trick" (or with vulnerability exploitation). Usage of reverse shells and/or web shells is relatively common.