ALoR HomePage
My Talks
| Title |
Man In The Middle Attacks Demos |
||
| Date |
30 Jul 2003 |
Language |
 English |
| Location |
BlackHat USA 2003 - Las Vegas - USA |
||
| Authors |
Alberto Ornaghi -
Marco Valleri |
||
| Description |
Many powerfull tools have focused the attention on MITM
attacks that are no longer considered as only theoretical. The presentation
will show what an attacker can do once "in the middle" and how he can use
"the middle" to manipulate traffic, inject malicious code, and break widley
used cypher and VPN suites Each attack will be discussed and many demos will
be presented to show their impact on a real scenario. The second part of the
presentation will discuss how to intercept traffic in a LAN, some
countermeasures to prevent it, and how to avoid some of these
countermeasures. |
||
| Title |
Man In The Middle Attacks |
||
| Date |
15 May 2003 |
Language |
English |
| Location |
BlackHat Europe 2003 - Amsterdam - Nederland |
||
| Authors |
Alberto Ornaghi -
Marco Valleri |
||
| Description |
Many powerfull tools have focused the attention on MITM attacks that are no
longer considered as only theoretical. Starting from a basic knowledge of
standard network protocols, this presentation will lead the audience through
many of the tricks used by hackers to intercept and manipulate network
connections in a LAN or in a remote scenario. Each attack will be discussed
and possible countermeasures will be explained to make our connections safer.
The second part of the presentation will show what an attacker can do once
"in the middle" and how he can use "the middle" to manipulate traffic, inject
malicious code, and break widley used cypher and VPN suites (if they aren't
used in a conscious way). |
||
| Title |
How to write Shellcodes (intermediate) |
||
| Date |
09 May 2003 |
Language |
 Italian |
| Location |
Webbit 03 - Padova - Italy |
||
| Authors |
Alberto Ornaghi -
Lorenzo Cavallaro |
||
| Description |
This paper suggests new methods of writing shellcodes. It
presents some IDS evasion, some suggestion to write smaller shellcode,
return in libc and some funny shellcodes. |
||
| Title |
How to write Shellcodes (base) |
||
| Date |
09 May 2003 |
Language |
Italian |
| Location |
Webbit 03 - Padova - Italy |
||
| Authors |
Alberto Ornaghi -
Lorenzo Cavallaro |
||
| Description |
A paper that describes how to start to write shellcodes. The
presentation drives the reader to the creation of a simple shellcode. The
shellcode is derived from a C source file through the disassemblation of the
executable. |
||
| Title |
Man In The Middle Attacks |
||
| Date |
18 Feb 2003 |
Language |
English |
| Location |
EMEA Cisco Security VT - Amsterdam - Nederland |
||
| Authors |
Alberto Ornaghi -
Marco Valleri |
||
| Description |
This technical document presents and comments man in the
middle attack techniques applied in local and remote network scenarios. The
discussed attack types include: ARP poisoning, DNS spoofing, DHCP spoofing,
ICMP redirection, route mangling and traffic tunneling. |
||
| Title |
Format Bug Vulnerabilities |
||
| Date |
14 Feb 2003 |
Language |
Italian |
| Location |
Infosecurity - Milano - Italy |
||
| Authors |
Alberto Ornaghi -
Lorenzo Cavallaro |
||
| Description |
A brief description on format bugs vulnerabilities,
including examples on how to exploit them |
||
| Title |
Buffer Overflows (stack based) |
||
| Date |
29 Nov 2002 |
Language |
Italian |
| Location |
University of Milan - Department of Computer Science - Milano - Italy |
||
| Authors |
Alberto Ornaghi -
Lorenzo Cavallaro |
||
| Description |
A brief description on how buffer overflows (stack based)
work and how to exploit them. The construction of the shellcode is also
explained. |
||
| Title |
Man In The Middle Attacks (how to obtain, use and prevent them) |
||
| Date |
26 Oct 2002 |
Language |
Italian |
| Location |
SMAU 2002 - Milano - Italy |
||
| Authors |
Alberto Ornaghi -
Marco Valleri |
||
| Description |
This technical document presents and comments man in the
middle attack techniques applied in local and remote network scenarios. The
discussed attack types include: ARP poisoning, DNS spoofing, DHCP spoofing,
ICMP redirection, route mangling and traffic tunneling. |
||
| Title |
Man In The Middle Attacks |
||
| Date |
04 Jul 2002 |
Language |
Italian |
| Location |
Webbit 02 - Padova - Italy |
||
| Authors |
Alberto Ornaghi -
Marco Valleri |
||
| Description |
120 slides illustrating various types of man in the middle
attacks at various level. The discussed attack types include: ARP poisoning,
DNS spoofing, DHCP spoofing, ICMP redirection, route mangling and traffic
tunneling. |
||
| Title |
Open Source Development Model |
||
| Date |
28 May 2002 |
Language |
Italian |
| Location |
University of Milan - Department of Computer Science - Milano - Italy |
||
| Authors |
Alberto Ornaghi |
||
| Description |
An overview of the open source
software development model with some examples and tool |
||
| Title |
IGMP v3 |
||
| Date |
20 Feb 2002 |
Language |
English |
| Location |
University of Milan - Department of Computer Science - Milano - Italy |
||
| Authors |
Alberto Ornaghi |
||
| Description |
A short description of the IGMP v3 protocol summing up the
informations of the draft-ietf-idmr-igmp-v3-08.txt |
||
Email: alor (at) antifork <dot> org alor (at) users <dot> sf <dot> net
This is my amazon whishlist
GnuPG Key fingerprint = 6B41 2C66 0067 A85D 43CB 4E3E 041A 5874 7D0D 619C