Network Security (2012-2013)

On Tuesday 4th and Thursday 6th December 2012 there were some practical lessons about network security and a final contest among students. In this page you can find useful information about those activities and what you need to know to pass a possible exercise for the final exam.

These practical lessons were mainly addressed to Computer Engineers and Scientists and aimed at providing the basic skills to understand and use some techniques to exploit vulnerable machines and steal confidential information. Clearly, the goal is not to encourage malicious attacks to other people, but simply to observe how a system can easily be broken if effective countermeasures are not applied.

Below are the main topics we discussed in class. To facilitate the study (especially for absent students), each subject is linked to the resource where you can refer and study.

What’s VirtualBox and how it works
System options of Virtual Machines: several types of network configurations
Collision domain and difference between hub and switch
Wireshark and Sniffing
Local Networks and CIDR Notation (one of my documents [it]: link)
Scanning and Nmap: host discovery and port scanning
Telnet, Netcat and vulnerable services to exploit (it)
Vulnerabilities and OpenVAS
Pentest and Metasploit Framework: what are exploits, payloads and other options
Password cracking and John the Ripper
– Vulnerable configurations: xhost and xtv

Furthermore, for each command, I’d advise you to carefully read manual pages:

man <command_name>


– BackTrack5r3
– Alice (Ubuntu)
– Bob (Debian)
– Windows XP SP2

If you need virtual machines used in class, please send me a mail to take an appointment. Bring with you a pendrive of size at least 8 GB.