INTERNET RETI SICUREZZA - Tesi - Progetti Disponibili
Tempo: 400 Ore

Metasploit+Beef: Integrazione di software di pen test / sicurezza per l'analisi delle vulnerabilitÓ di un sistema informatico.
Studente:    
evasion/obfuscation antivirus tool
Tools & Techniques Used to Evade Antivirus Software

Malcolm: powerful, easily deployable network traffic analysis tool
https://github.com/idaholab/Malcolm#table-of-contents
Studente:    Massimiliano Paoli Martorelli (mass.paolimartorelli@studenti.unicam.it) laurea ad Aprile 2021
BSF - Botnet Simulation Framework: BSF provides a discrete simulation environment to implement and extend peer-to-peer botnets, tweak their settings and allow defenders to evaluate monitoring and countermeasures.
https://github.com/tklab-tud/BSF
Studente:    

Build a Wi-Fi Drone Disabler with Raspberry Pi
Build a Pi-powered drone disabler to understand the security risks of wireless communications
https://makezine.com/projects/build-wi-fi-drone-disabler-with-raspberry-pi/

Metodi di localizzazione cellulare e raccolta informazioni
metodologie di Localizzazione e Raccolta Informazioni
https://www.hackerwebsecurity.com/come-localizzare-segretamente-un-cellulare-tramite-numero/?fbclid=IwAR1CNJhCOPdKh1E2u2fosrf1jvw6VPYrRdIQ_eRpyWlgBJRgOrbl7_gPYnc

Wave-Share - Serverless, Peer-To-Peer, Local File Sharing Through Sound
The WebRTC technology allows two browsers running on different devices to connect with each other and exchange data.
https://www.kitploit.com/2020/10/wave-share-serverless-peer-to-peer.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

Scraping tools
Lo Scraping, o pi¨ nel dettaglio il Web Scraping, Ŕ un termine inglese che identifica l’estrapolazione di dati attraverso tecniche o sistemi software.
http://www.scrapebox.com
https://www.octoparse.com
https://phantombuster.com

Sifter 10.6m
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
https://github.com/s1l3nt78/sifter

Democrazia Partecipata Open-Democracy - openDemocracy is an independent global media platform covering world affairs, ideas and culture which seeks to challenge power and encourage democratic debate across the world.
Strumenti Tools Applicazioni
https://www.facebook.com/MatteoFloraOfficial/videos/1218433741889947/
https://decidiamo.it/
https://it.wikipedia.org/wiki/Democrazia_deliberativa
Francesco Mazzaferri (laurea giugno 2021)

Sniffer for Windows: Intercepter-NG
Intercepter-NG is a program for performing man-in-the-middle attacks.
https://github.com/intercepter-ng/intercepter-ng.github.io


Information Gathering
information Gathering Ŕ la raccolta di informazioni utili ad un attacco. E' dunque la prima ed anche una delle fasi pi¨ importanti di un penetration test (o di un attacco informatico  
Project iKy v2.7.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

https://github.com/mxrch/GHunt
Alice Girolamini (stage - tesi gennaio 2022)

Phishing tool
Tool der creare campagne di phishing
Gophish https://github.com/gophish/gophish/releases/
Phishinsight https://phishinsight.trendmicro.com/en/

Deepfake:
con i software DeepFaceLab e FaceSwap, oggi puoi fare di tutto.
Il fenomeno del #deepfake, basato sull'intelligenza artificiale (#IA) sembra destinato a corrompere, ingannare e minacciare la societÓ di oggi in modo terribile in pi¨ settori.
Download software DeepFaceLab
https://awesomeopensource.com/project/iperov/DeepFaceLab
Download software FaceSwap
https://faceswap.dev/download/
Open Source Network Security Monitoring Tool
Il monitoraggio e la manutenzione della rete aziendale Ŕ uno dei compiti pi¨ importanti dell’amministratore di sistema. Tenere d’occhio i device e i terminali connessi Ŕ infatti essenziale non solo per assicurare che le performance restino invariate, ma anche per assicurare un buon grado di sicurezza.
https://zeek.org/ - https://github.com/cacti/ - https://solutionsreview.com/network-monitoring/the-top-17-free-and-open-source-network-monitoring-tools/

Network Access Control
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution.
https://www.packetfence.org/

Penetration Testing Tool
Tool per PT sia in ambiente Windows che Linux; Interfaccia CLI e GUI; Open Source e Commercial
L'argomento tratta l'analisi e lo studio di tool presenti in rete tra i due sistemi operativi Linux e Windows verificandone la compatibilitÓ, le dipendenze da installare , distinguendo i commercial dai software open-source con i relativi costi associati.

Estensioni per Chrome per le ricerche OSINT
Top10 strumenti di intelligence open source (Osint).
https://www.redhotcyber.com/post/top10-strumenti-di-intelligence-open-source-osint

AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning
AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate attack path for a given network, and can be used to execute a simulated attack on that network via penetration testing tools, such as Metasploit.
https://github.com/crond-jaist/AutoPentest-DRL

Bypass Antivirus Software by Obfuscating Your Payloads
Tecniche AVE, tools, analisi del codice

Autenticazione a 2 fattori
infrastruttura FreeIPA per identitÓ centralizzata - FreeIPA Ŕ una soluzione per l'identitÓ e l'autenticazione integrata per ambienti di rete Linux/UNIX.
https://www.freeipa.org/page/Main_Page

Ransomware: Sviluppo e test.
Si intende sviluppare un ransomware in python e testarlo all'interno di una macchina virtuale, con relativo pagamento mediante bitcoin.
Flavio Pocari (laurea Ottobre 2021)

Cloud Computing Exploitation Framework
exploitation framework designed for red team testing and blue team analysis
https://securityonline.info/scour-aws-exploitation-framework/
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
https://www.researchgate.net/publication/261075000_VULCAN_Vulnerability_Assessment_Framework_for_Cloud_Computing
Davide Parente (Laurea Ottobre 2021)

QUIC, a multiplexed transport over UDP - The Chromium Projects
QUIC is a new multiplexed transport built on top of UDP.  HTTP/3 is designed to take advantage of QUIC's features, including lack of Head-Of-Line blocking between streams.
How Google’s QUIC Protocol Impacts Network Security and Reporting
https://www.chromium.org/quic
https://www.fastvue.co/fastvue/blog/googles-quic-protocols-security-and-reporting-implications/

Tor, dal backend al frontend.
Sviluppo di un’applicazione Android che fa uso della rete Onion per lo scambio di dati con un HiddenService hostato con Tor.
Dalla compilazione della libreria tor con Android NDK da usare per l’applicazione Android Java, passando per il tunnelling creato da Tor e dal sistema di routing della rete Onion fino ad attraversare la porta virtuale dell’HiddenService per raggiungere il backend.
Samuele Plescia (Laurea Ottobre 2021)

Open-source vulnerability assessment and pentesting management platform
Reconmap is an open-source collaboration platform for InfoSec professionals that allows them to plan, execute and document all phases of penetration test projects for multiple targets and clients.
https://reconmap.org/

Attacco DDOS
ufonet
https://github.com/epsylon/ufonet
Nico Agostinelli (Laurea Ottobre 2021 ???)