ITBH Italian Black Hats


	List of papers (all papers are currently available in Italian only)


Title:	Social Engineering, una guida introduttiva
Author:	Pila
Date:	30-09-2002
Abstract:	This paper is aimed at two main purposes: 1- Showing the real possibilities of social engineering in order to stimulate the public to take into account the necessity of adopting countermeasures against this kind of information leaking. 2- Giving a tutorial to be used by penetration testers to perform the most accurate and varied check possible.

Title:	Man in the middle attacks (how to obtain, use and prevent them) - slides in PDF format
Author:	Alor, Naga
Date:	12-09-2002
Abstract:	This technical document presents and comments man in the middle attack techniques applied in local and remote network scenarios. The discussed attack types include: ARP poisoning, DNS spoofing, DHCP spoofing, ICMP redirection, route mangling and traffic tunneling.

Title:	X.25 Networks: Network structure, attack and intrusion detection techniques
Author:	Nobody, Raptor
Date:	02-09-2002
Abstract:	X.25 networks, often erroneously considered as "retiring networks", are being more and more subject to high level attacks aimed at banks, multinational companies, TelCo, civilian aeronautic networks and government and military systems. This document analyzes their history and gives an overview focused on Italy. It then explains the main differences between hacking on TCP/IP and X.25 protocols, studying the various attack, investigation, and reaction techniques, ending with a list of additional rules to the base security policies. The paper is divided into Theory and Practice. In Theory, an overview is given on packet switching networks, then the X.25 protocol - as defined by ITU - is analyzed in detail. Finally, the different access modes are presented. The Practice section offers an overview on different types of outgoing calls from various operating systems and different NUA scanning, attack and trace hiding methods.