Available online at www.sciencedirect.

com
Available online at www.sciencedirect.com
Available online at www.sciencedirect.com

ScienceDirect
Procedia Computer Science 00 (2021) 000–000
Procedia
Procedia Computer
Computer Science
Science 00 (2021)
192 (2021) 000–000
2039–2046 www.elsevier.com/locate/procedia
www.elsevier.com/locate/procedia

25th International Conference on Knowledge-Based and Intelligent Information & Engineering

25th International Conference on Knowledge-Based
Systems and Intelligent Information & Engineering
Systems
A
A Method
Method for
for Automatic
Automatic Penetration
Penetration Testing
Testing and
and Mitigation:
Mitigation:
A Red Hat Approach
A Red Hat Approach
Eric Filiolaa, Francesco Mercaldob,c,*, Antonella Santoneb
Eric Filiol , Francesco Mercaldob,c,*, Antonella Santoneb
a ENSIBS, Cyberscurity Dept., Vannes, France & HSE Higher School of Economics, Moscow, Russia
a ENSIBS, Cyberscurity Dept., Vannes, France & HSE Higher School of Economics, Moscow, Russia
b Department of Medicine and Health Sciences “Vincenzo Tiberio”, University of Molise, Campobasso, Italy
b Department of Medicine and Health Sciences “Vincenzo Tiberio”, University of Molise, Campobasso, Italy
c Institute for Informatics and Telematics, National Research Council of Italy (CNR), Pisa, Italy
c Institute for Informatics and Telematics, National Research Council of Italy (CNR), Pisa, Italy

Abstract
Abstract
Recently in the cybersecurity landscape, various figures have spread with different peculiarities. For instance there are the Black
Recently in the
Hat hackers, cybersecurity
aimed landscape,
to perpetrate damage various figures or
on the system have spread with
to silently different
exfiltrate peculiarities.
sensitive For but
information instance
there there are Ethical
also the the Black
or
Hat hackers,
White aimed aimed
Hat hackers, to perpetrate damagethe
to investigate onvulnerabilities
the system or ofto asilently
systemexfiltrate sensitive
under analysis onlyinformation but there
with the owner also In
consent. thethis
Ethical or
context
White Hat hackers, aimed to investigate the vulnerabilities of a system under analysis only with the owner consent.
the Red Hat hackers, defined as vigilantes of the hacker world, are emerging. Their main aim is to independently found and solve In this context
the Red Hat hackers,
vulnerabilities, defined as
by preventing vigilantes ofInthe
cyberattacks. thishacker
paper world, are emerging.
we propose a methodTheir
aimedmain aim is to independently
to automatise found
the vulnerability and solve
discover and
vulnerabilities, by preventing
mitigation process cyberattacks.
typically performed In this
by Red Hatpaper we propose
hackers. We exploita method aimedof
a tool-chain toseveral
automatise the vulnerability
well-known tools anddiscover and
we evaluate
mitigation
the proposedprocess typically
method performed
by exploiting the by Red Hat hackers.
Metaesploitable LinuxWedistro,
exploit a tool-chain
showing of several
that the proposed well-known
method is tools andautomatically
able to we evaluate
the proposed
mitigate method byafflicting
vulnerabilities exploiting
sixthe Metaesploitable
widespread services.Linux
. distro, showing that the proposed method is able to automatically
mitigate vulnerabilities afflicting six widespread services. .
c 2021

© 2021 The
The Authors.
Authors. Published
Published by
by Elsevier
Elsevier B.V.
B.V.
c 2021

This The
is an Authors.
open accessPublished by Elsevier
article under B.V.
the CC BY-NC-ND
BY-NC-ND license
license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
(https://creativecommons.org/licenses/by-nc-nd/4.0)
This is an open access
Peer-review under
Peer-review article under
underresponsibility the
responsibilityofofthe CC BY-NC-ND
thescientific license
scientificcommittee
committee ofof(http://creativecommons.org/licenses/by-nc-nd/4.0/)
KES
the KESInternational.
International.
Peer-review under responsibility of the scientific committee of the KES International.
Keywords: Penetration Testing; Mitigation; Ethical Hacking; Red Hat Hacking; Vulnerability Assessment; Security
Keywords: Penetration Testing; Mitigation; Ethical Hacking; Red Hat Hacking; Vulnerability Assessment; Security

1. Introduction and Related Work

1. Introduction and Related Work
With the term penetration testing we refer to the operational process of analyzing or evaluating the security of a
With the
computer term or
system penetration testing we refer to the operational process of analyzing or evaluating the security of a
network [2].
computer system or network [2].
Conducted over several phases, many of them manually performed by security analysts from the point of view
of Conducted
a potential over several
attacker phases, simulating
by exactly many of them manually
the cyber performed
attack by security
of an attacker, analysts
it consists in from the point ofofview
the exploitation the
of a potential attacker by exactly simulating the cyber attack of an attacker, it consists in the exploitation
vulnerabilities detected by helping to determine if the system defenses are sufficient [4] or if other vulnerabilities of the
are
vulnerabilities
present [35, 23,detected byin
6], listing helping to determine
this case which onesif defended
the systemthedefenses are sufficient
test defeated. [4] or if other
The penetration vulnerabilities
testing is also aimedare
to
present [35, 23, 6], listing in this case which ones defended the test defeated. The penetration testing is also aimed to

E-mail address: eric.filiol@univ-ubs.fr, francesco.mercaldo@unimol.it, antonella.santone@unimol.it

E-mail address: eric.filiol@univ-ubs.fr, francesco.mercaldo@unimol.it, antonella.santone@unimol.it

1877-0509  c 2021 The Authors. Published by Elsevier B.V.

1877-0509
This c 2021

is an open The Authors.
access Published by Elsevier B.V.
1877-0509
This is an © 2021
open Thearticle
access article
under
Authors.
under
the CC BY-NC-ND
Published
the scientific
CC BY-NC-ND
license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
by Elsevier B.V.
license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review
This under
is an open responsibility
access of the
article under committee
the CC BY-NC-ND oflicense
the KES(https://creativecommons.org/licenses/by-nc-nd/4.0)
International.
Peer-review under responsibility of the scientific committee of the KES International.
Peer-review under responsibility of the scientific committee of KES International.
10.1016/j.procs.2021.08.210
2040 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046
2 Author name / Procedia Computer Science 00 (2021) 000–000

highlight the weaknesses of the analysed environment by providing as much information on the vulnerabilities that
have allowed unauthorized access [3, 13, 25, 24], providing a clear estimate on the defense capabilities and the level
of penetration achieved towards.
The idea of a penetration testing is to find internal system vulnerabilities, vulnerabilities external to the system but
also the physical security evaluation. All security problems detected are then presented to the customer together with
an assessment of their impact on the system and in the corporate business scenario, also providing a technical solution
about vulnerabilities mitigation.
Perhaps the foremost computer penetration expert during these early years was James P. Anderson, who worked
for NSA, RAND, and other government agencies to study computer system security [15]. In early 1971, the U.S.
Air Force hires Anderson’s private company to study the security of its time-sharing system at the Pentagon [5]. In
his study, Anderson outlined a number of important factors involved in computer penetration. Anderson described a
general attack as a sequence of the following steps:

1. Finding an exploitable vulnerability;

2. Design an attack around it;
3. Test the attack;
4. Take over a line in use;
5. Perform the attack;
6. Leverage input for information retrieval.

Over time, the Anderson sequence was considered to security experts who have relied on this steps to evaluate the
security of time-sharing systems [28].
Clearly, this kind of analysis is carried out against a commercial or technical agreement. Whoever carries out this
activity is called penetration tester or auditor and recently also as ethical hacker [10], since they try to attack the
system with the same logic used by a attacker. A group of penetration testers is also know as tiger team [19]. Since
a few years, this activity is now better known as Red Teaming [9, 7]. Since security assessment has now become a
mandatory part in the context of IT management system as described in ISO 27001 [14], security risk assessment as
defined in ISO 27005 [14] must include an active approach in security risk evaluation. In more and more cases, red
teaming activity is the unique solution to assess and identify risks precisely. While pen-testing generally use known
tools and most of the time check for already identified weaknesses, flaws or vulnerabilities, red teaming activity can
and must include a proactive activity to find new path of attacks or techniques. For instance, in cloud computing only
this approach is likely to identify covert channel in subnet traffic enabling data leaking from one tenant to another
one. Another case is regular password cracking that enable to detect users’ weak passwords and thus password policy
violation.
In last years, several tools were proposed to help the penetration tested to find and successfully exploits vulnerabil-
ities. Typically, each of these tools are focused on a specific task. For instance, the Netsparker Security Scanner tool
[17] is aimed to web application penetration testing. This software is able to detect vulnerabilities as, from instance,
cross-site scripting and SQL injection.
Another widespread tool is Wireshark [27], focused on the network analysis. The idea behind this software is to
capture and interpret raw network packets, by providing both offline analysis and live-capture options.
One of the most widespread penetration testing framework is Metasploit [18], allowing a network administrator to
break in and identify suspicious weak points. It provides modules for manual brute-forcing, payloads to evade leading
solutions, spear phishing, and awareness, an app for testing OWASP vulnerabilities. Moreover it integrates testing
data for over 1,500 exploits.
The Aircrack NG tool [21] is focused on cracking flaws within wireless connections by capturing data packets. It
also support WEP dictionary attacks. The suite is capable of using a password dictionary and statistical techniques to
break into WEP. It is designed for testing wifi devices as well as driver capabilities.
Acutenix [31] is an automated testing tool to complete a penetration test. The tool is capable of auditing manage-
ment reports and issues with compliance. The software can handle a range of network vulnerabilities. The tool covers
over 4500 weaknesses, including SQL injection as well as XSS.
 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046 2041
Author name / Procedia Computer Science 00 (2021) 000–000 3

The Burp Suite Pen Tester [36] free version provides the necessary and essential tools needed for scanning activi-
ties. Capable of automatically crawling web-based applications.
The Ettercap suite [26] is designed to prevent man in the middle attacks. Using this application, it result possible to
build packets and perform specific tasks. The software can send invalid frames.and it is ideal for deep packet sniffing
as well as monitoring and testing LAN.
The Nessus tool [29] is considered as one of the most powerful testing tools on the market with more than 100,000
plugins. IT is considered for scanning IP addresses, websites and completing sensitive data searches. The tool is
straightforward to use and offers accurate scanning and at the click of a button, providing an overview of your net-
work’s vulnerabilities. The pen test application scans for open ports, weak passwords, and misconfiguration errors.
The Kali Linux distro [1] represents an advanced penetration testing software. Kali uses a live image loaded into
the RAM to test the security skills of ethical hackers with more than 600 ethical hacking tools. Various security tools
for vulnerability analysis, web applications, information gathering, wireless attacks, reverse engineering, password
cracking, forensic tools, web applications, spoofing, sniffing, exploitation tools, and hardware hacking are available.
Nmap [22] is free software distributed under the GNU GPL license created to perform port scanning, i.e. aimed at
identifying open ports on a target computer or even on ranges of IP addresses, in order to determine which network
services are available. It is also part of the Kali Linux distro. System administrators can use it to check for possible
unauthorized server applications, but also attackers can use it to analyze their targets: it is able to hypothesize which
operating system is used by the target computer, a technique known as fingerprinting.
Wapiti [33] is an application security tool that allows black box testing. Black box testing checks web applications
for potential liabilities. During the black box testing process, web pages are scanned, and the testing data is injected to
check for any lapses in security. Wapiti identifies vulnerabilities in file disclosure, XSS Injection, Database injection,
XXE injection, Command Execution detection, and easily bypassed compromised .htaccess configurations.
The Cain & Abel tool [32] is focused in network keys and passwords through penetration. The tool makes use of
network sniffing to find susceptibilities. It can recover passwords using network sniffers, cryptanalysis attacks, and
brute force.
As shown, the penetration test processes can be carried out by different tools and several tasks are manually per-
formed by the penetration testers, considering that these tools do not offer automatic mitigation. Clearly, the difference
lies in the quantity and quality of information available to analysts about the systems analyzed. Black Box testing does
not require prior knowledge of the infrastructure being analyzed, and examiners need to determine system architecture
and services before starting the analysis.
On the other hand, White Box tests provide detailed knowledge of the infrastructure to be examined, often including
network diagrams, application source code and lists of IP addresses present in the network. There are also variants to
these definable Gray Box methodologies.
There are several actors that can be involved in the attacks of a system and, typically, they are all generically
defined as hackers. Basically an hacker is a person who uses their computer skills to explore the ins and outs of
programmable systems and experiments with how to extend their use. The intentions of hacker can be malicious or
legitimate depending on the hat he/she wears.
As a matter of fact, a black hat hacker is someone who maliciously searches for and exploits vulnerabilities in
computer systems or networks, often using malware and other hacking techniques to do harm [20]. These stereotypical
hackers often break laws as part of their hacking exploits, infiltrating victims’ networks for monetary gain, to steal or
destroy data, to disrupt systems, to conduct cyberespionage or just to have fun.
On the other end of the spectrum, a white hat hacker is a security specialist hired to find vulnerabilities in software,
hardware and networks that black hats may find and target [34]. Unlike black hats, white hats only hack networks when
legally permitted to do so. Also known as ethical hackers, white hats disclose all vulnerabilities to their employer.
White hats will also disclose the vulnerability to the vendor whose hardware or software is affected so it may patch
other customers’ systems. White hat hacking techniques include penetration testing and vulnerability assessments.
Because things are never black and white, enter the grey hat hacker. A fusion of black and white, grey hats exploit
security vulnerabilities without malicious intent, like white hats, but may use illegal methods to find flaws. They
may even release the vulnerabilities to the public or sell details about them for a profit like a black hat would. Grey
hat hackers also often hack without the target’s permission or knowledge. The grey hat description is also used to
2042 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046
4 Author name / Procedia Computer Science 00 (2021) 000–000

categorize hackers who may, at one stage in life, have broken the law in their hacking activities but have since made
the move to become a more ethical, white hat hacker [16].
A red hat hacker could refer to someone who targets Linux systems. However, red hats have been characterized as
vigilantes [8]. Like white hats, red hats seek to disarm black hats, but the two groups’ methodologies are significantly
different. Rather than hand a black hat over to the authorities, red hats will launch aggressive attacks against them to
bring them down, often destroying the black hat’s computer and resources [37].
Starting from these considerations, in this paper we propose a method for penetration testing aimed to perform an
automatic mitigation of the discovered vulnerabilities, useful for internal audit. We design a tool-chain composed by
several (well-known) tools aimed to provide a method aimed to automatically report and correct the vulnerabilities
found in a computer network without prior knowledge about the network.
The paper proceeds as follow: in the next section we present the proposed method for the automatic discovering and
mitigation of vulnerabilities, Section 3 presents the evaluation of the proposed tool-chain we performed by exploiting
a virtual machine vulnerable by design, and, finally, conclusion and future research lines are drawn in the last section.

2. The Method

The idea behind the proposed method is to increase the automatic closing of security holes in vulnerable networks.
The typical application of the proposed method is for internal audit. In general, this type of process can be seen
as the union of different phases, which start from the information gathering, and stops with the mitigation of the
vulnerabilities.
Figure 1 shows the workflow composing the proposed method.
The proposed method considers as input an internal domain name of the network to analyse for internal audit
purposes.
Once obtained the internal domain name to analyse, a scan to all the IPs in the class of the network domain is
performed with the aim to retrieve IP addresses alive (i.e., IP addresses symptomatic of the presence of a host). Once
collected the alive IPs it is of interest to understand whether there are active services i.e., software providing the
possibility to listen for data requests from other software or users. For this reason from each IP the list of the services
with the relative access ports are retrieved and, in order to obtain finer grain information also the version and the name
of the software providing the service is gathered. In this way it is possible to match the name of the software and
the relative version with the plethora of repositories containing the list of the vulnerabilities (basically in the form
text fragment specifying the kind of attack with the relative conditions, the so-called CVE, acronym for Common
Vulnerabilities and Exposures) targeting the specific version of the analysed software providing the service. Typically,
for each vulnerability found there is (are) the relative exploit(s) i.e., binary file(s) or code fragment(s) exploiting a bug
or vulnerability with the aim to create unexpected behaviour in software system, but also in hardware. The aim of an
exploit is usually to gain access to a systems, allow the acquisition of administrative privileges, or denial of service
attacks.
Once obtained the list of exploits for each service, each exploit is configured (in fact, the exploits requires several
parameters for instance, the IP of the host to attack but also the host to send back the data i.e., the attacker one) is
run. Whether the exploit is able to successfully have access into the system the mitigation step is invoked, verifying
the kind of access obtained (i.e. root or user access). The aim of the mitigation is to prevent the exploit from being
successfully rerun. For this reason, as a mitigation step, it can be useful to update the software to the last version: this
is a process that can be automatically performed on Debian Linux machine by exploiting the packaging tool provided
by the operating systems. Clearly, once the patch is applied is important to verify whether the exploit is executed again
with success. In case the exploit is not able to obtain the access to the system, the mitigation has effectively secured
the systems. Otherwise, another software update must be tried to find the adequate patch to the exploit.
Figure 2 shows in detail how it works the exploitation process.
In Figure 2 the Attacker Machine represents the red hat hacker, while the Attacked Machine is the potentially
vulnerable machine. Each exploits found in the previous step must be configured: in particular the exploit configuration
requires the IP address and the port number of the attacked machine but also the IP address and the port number
of the attacker machine. In fact, if the exploit is able to obtain root or user privileges, the attacked machine must
communicate backwards to receive commands from the attacker machine.
 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046 2043
Author name / Procedia Computer Science 00 (2021) 000–000 5

Fig. 1. The proposed approach.

2044 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046
6 Author name / Procedia Computer Science 00 (2021) 000–000

Fig. 2. The exploitation process.

Clearly this is an iterative process: for each IPs we automatically found the list of available services, from each
service we found the list of available exploits, thus each exploit is tried with the aim to obtain access into the system.
Once an exploit successfully entered into the systems (for instance, with root or user privileges) this access is consid-
ered to update the bugged software directly from within the vulnerable system. Then the exploit is again executed to
verify if the patch does not permit the access into the system. Considering that we design the proposed method as tool
for internal audio, we first test the patch in a test environment coherent with the production environment in order to
avoid disruption. Moreover, a roll back mechanism organized: in this way the computer network administrators can
go back to the configuration before patching at any time.

3. The Experiment

To evaluate the proposed method, the following working environment has been configured: the VirtualBox soft-
ware1 , a x86 and AMD64/Intel64 virtualization tool, the Kali Linux distro2 , a penetration testing Linux distribution
used for vulnerability discovery and network security assessments and, finally Metasploitable3 , an intentionally vul-
nerable Linux virtual machine.
In detail we focus on the automatic exploitation and the mitigation of following six specific widespread services:

• ftp i.e., File Transfer Protocol, a standard network protocol used for the transfer of computer files between a
client and server on a computer network;
• ssh i.e., Secure Shell, a cryptographic network protocol for operating network services securely over an unse-
cured network;
• telnet i.e., an application protocol used on the Internet or local area network providing a bidirectional interactive
text-oriented communication facility using a virtual terminal connection.
• RDP i.e., Remote Desktop Protocol, a proprietary network protocol developed by Microsoft, which allows
remote connection from one computer to another in a graphical way, using the TCP and UDP 3389 port by
default;
• TeamViewer i.e., a widespread software enabling support for remote collaboration ports, typically running on
the 5938 port;

1 https://www.virtualbox.org/
2 https://www.kali.org/
3 https://sourceforge.net/projects/metasploitable/
 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046 2045
Author name / Procedia Computer Science 00 (2021) 000–000 7

• Printer i.e., the raw printing service enabling the process of making a connection to port 9100/tcp of a network
printer. This feature was originally introduced by HP in the early 90s and currently represents the default method
considered by the Microsoft Windows Printer Driver Architecture4 to communicate with network printers.

We evaluated the proposed method with the services we described, founding that the proposed approach was able
to mitigate the vulnerabilities afflicting these services.
Below, for a better understanding of the proposed approach, we show, as case study, how the proposed tool-chain
works for the discovering and the mitigation of a specific vulnerability, in this specific case afflicting the ftp service.
The proposed method, once obtained as input the domain name (Network Settings step in Figure 1) stars with
the Information Gathering step. In particular we consider the Nmap tool5 , using raw IP packets to detect what hosts
are available on the network, what services (in terms application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of
other characteristics.
For the automatic searching of exploits to attack the service, we proposed method automatically invoke the Metas-
ploit framework6 , an open source tool for developing and executing exploits against a remote machine. By using
Metasploit we are able to search for exploit by using a keyword, for instance as example in this case the keyword is
the name of the software to attack (i.e., vsftpd). Metaesploit in this specific case outputs a list of exploits: in particular
the Metasploit framework integrates an exploit available to exploit the vsftpd 2.3.4 vulnerability. In order to perpetrate
the attack we need to supply a remote host IP (the Metaesploitable IP) and a port (the one used by the service to attack
i.e., 21 in this case as shown from the Nmap report): once set the exploit we can run it to verify whether it successfully
break the system (i.e., Exploit setting and execution step in Figure 1). In this case the exploit is able to successfully
break the system by obtaining the root credentials. In this case the proposed method automatically provide a mitiga-
tion by updating the ftp software to the last version (and by providing also a roll-back mechanism). In particular we
invoke the apt command (i.e., Advanced Packaging Tool), available in Debian-based linux distro to search and update
software packages.
Once updated the ftp software the exploit is run again to verify whether the mitigation was correctly applied (i.e.,
Successfully (Re-)Exploitation? step in Figure 1). If also the new version of the software is vulnerable to the exploit,
other version of the software are tried. If all the version available in the distro repository are vulnerable, in the report all
the software vulnerable to the exploit will be listed: in this way the computer network administrator can be consider to
use, for instance, a non vulnerable ftp software. Also if the service is resulting without vulnerabilities after the software
update, in the report will compare the name of the service and the relative version, the old version, the exploit applied
and the new version result not afflicted by the exploit: the service will be marked as mitigated and no further actions
are required by the computer network administrator. In this case the re-execution of the exploit is not able to obtain
again the root privileges.

4. Conclusion and Future Work

Considering the increasing relevance of the penetration testing as a technique for vulnerabilities discovery in com-
puter network, there is the need for tools aimed to automatise this process in order to detect but also to mitigate
vulnerabilities. In this paper we proposed an approach, based on a tool-chain designed by authors, aimed to auto-
matically mitigate vulnerabilities. The proposed approach relies on well-known tools (i.e., Metasploit framework and
Nmap) to discover and mitigate vulnerabilities in a local area network coherently with the red hat approach, for in-
ternal audit purposes. In the experiment we focus on six widespread services, typically considered by attackers for
perpetrate damages: ftp, ssh, telnet, rdp, TeamViewer and Printer. As future work, we plan to extend the proposed
method to more services. Moreover we will consider also the automatic discovery and the mitigation of vulnerabil-
ities afflicting the mobile operating systems, for instance, Android (the most targeted by mobile attackers). We also
plan to apply Formal Methods to improve the results [11, 12, 30]

4 https://docs.microsoft.com/it-it/windows-hardware/drivers/print/printer-driver-architecture
5 https://nmap.org/
6 https://www.metasploit.com/
2046 Eric Filiol et al. / Procedia Computer Science 192 (2021) 2039–2046
8 Author name / Procedia Computer Science 00 (2021) 000–000

References

[1] Allen, L., Heriyanto, T., Ali, S.: Kali Linux–Assuring security by penetration testing. Packt Publishing Ltd (2014)
[2] Arkin, B., Stender, S., McGraw, G.: Software penetration testing. IEEE Security & Privacy 3(1), 84–87 (2005)
[3] Benedusi, P., Chianese, A., Marulli, F., Piccialli, F., Jung, J.: An associative engines based approach supporting collaborative analytics in
the internet of cultural things. In: Proceedings of the 3rd International Workshop on Cloud and Distributed System Application and he 10th
International 3PGCIC-2015 Conference (2015)
[4] Bishop, M.: About penetration testing. IEEE Security & Privacy 5(6), 84–87 (2007)
[5] Broad, W.J.: Computer security worries military experts. New York Times 25 (1983)
[6] Campanile, L., Iacono, M., Martinelli, F., Marulli, F., Mastroianni, M., Mercaldo, F., Santone, A.: Towards the use of generative adversar-
ial neural networks to attack online resources. In: Workshops of the International Conference on Advanced Information Networking and
Applications, pp. 890–901. Springer (2020)
[7] Claurk, B.: Rtfm: Red Team Field Manual. CreateSpace Independent Publishing Platform (2014)
[8] Dafermos, G., Söderberg, J.: The hacker movement as a continuation of labour struggle. Capital & Class 33(1), 53–73 (2009)
[9] of defense, U.M.: Red teaming guide - 2nd (2013)
[10] Engebretson, P.: The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. Elsevier (2013)
[11] Gradara, S., Santone, A., Villani, M.: Using heuristic search for finding deadlocks in concurrent systems. Information and Computation 202(2),
191–226 (2005). DOI 10.1016/j.ic.2005.07.004. URL https://www.scopus.com/inward/record.uri?eid=2-s2.0-26444611478&
doi=10.1016%2fj.ic.2005.07.004&partnerID=40&md5=faeb7dc9dc123e3dcc4e0a268de39663. Cited By 24
[12] Gradara, S., Santone, A., Villani, M.: Delfin+: An efficient deadlock detection tool for ccs processes. Journal of Computer and System
Sciences 72(8), 1397–1412 (2006). DOI 10.1016/j.jcss.2006.03.003. URL https://www.scopus.com/inward/record.uri?eid=2-s2.
0-33750436585&doi=10.1016%2fj.jcss.2006.03.003&partnerID=40&md5=3bc0163532a6ed56871b7cbd78f16830. Cited By 23
[13] Henry, K.: Penetration testing: protecting networks and systems. IT Governance Publishing (2012)
[14] ISO: Iso/iec 27001 - information security management (2013)
[15] Jamiolkowski, M., Robertson, P.: Future trends for penetration testing. In: Penetration testing in the UK: Proceedings of the geotechnology
conference organized by the Institution of Civil Engineers and held in Birmingham on 6–8 July 1988, pp. 321–342. Thomas Telford Publishing
(1989)
[16] Jordan, T., Taylor, P.: A sociology of hackers. The Sociological Review 46(4), 757–780 (1998)
[17] Joshi, C., Singh, U.K.: Security testing and assessment of vulnerability scanners in quest of current information security landscape. Interna-
tional Journal of Computer Applications 145(2), 1–7 (2016)
[18] Kennedy, D., O’gorman, J., Kearns, D., Aharoni, M.: Metasploit: the penetration tester’s guide. No Starch Press (2011)
[19] Laakso, M., Takanen, A., Röning, J.: The vulnerability process: a tiger team approach to resolving vulnerability cases. In: Proc. 11th FIRST
Conf. Computer Security Incident Handling and Response. Citeseer (1999)
[20] Lakhani, K.R., Wolf, R.G.: Why hackers do what they do: Understanding motivation and effort in free/open source software projects (2003)
[21] López, A.A., Monroy, E.Y.M., Murcia, P.A.L.: Evaluation of the wpa2-psk wireless network security protocol using the linset and aircrack-ng
tools. Facultad de Ingenierı́a 27(47), 71–78 (2018)
[22] Lyon, G.F.: Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure (2009)
[23] Martinelli, F., Marulli, F., Mercaldo, F., Marrone, S., Santone, A.: Enhanced privacy and data protection using natural language processing and
artificial intelligence. In: 2020 International Joint Conference on Neural Networks (IJCNN), pp. 1–8. IEEE (2020)
[24] Marulli, F., Visaggio, C.A.: Adversarial deep learning for energy management in buildings. In: SummerSim, pp. 50–1 (2019)
[25] McDermott, J.P.: Attack net penetration testing. In: Proceedings of the 2000 workshop on New security paradigms, pp. 15–21 (2001)
[26] Norton, D.: An ettercap primer. SANS Institute InfoSec Reading Room 5 (2004)
[27] Orebaugh, A., Ramirez, G., Beale, J.: Wireshark & Ethereal network protocol analyzer toolkit. Elsevier (2006)
[28] Pfleeger, C.P., Pfleeger, S.L., Theofanos, M.F.: A methodology for penetration testing. Computers & Security 8(7), 613–620 (1989)
[29] Rogers, R.: Nessus network auditing. Elsevier (2011)
[30] Santone, A., Vaglini, G., Villani, M.: Incremental construction of systems: An efficient characterization of the lacking sub-
system. Science of Computer Programming 78(9), 1346–1367 (2013). DOI 10.1016/j.scico.2012.07.015. URL https:
//www.scopus.com/inward/record.uri?eid=2-s2.0-84878849687&doi=10.1016%2fj.scico.2012.07.015&partnerID=
40&md5=fe7756b47855c6152b737b93b61f807c. Cited By 23
[31] Shinder, D.: Acunetix web vulnerability scanner. product review 2005 (2005)
[32] Surjey, U., Pansari, S., Arya, Y., Katiyar, Y., Bansal, N.: International journal of engineering sciences & research technology study and analysis
on packet sniffing tool cain and abel-a
[33] Surribas, N.: Wapiti, web application vulnerability scanner/security auditor. URL: http://wapiti. sourceforge. net (2006)
[34] Taylor, P.A.: Hackers: Crime in the digital sublime. Psychology press (1999)
[35] Thompson, H.H.: Application penetration testing. IEEE Security & Privacy 3(1), 66–69 (2005)
[36] Wear, S.: Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite. Packt Publishing Ltd (2018)
[37] Young, R.: Giving it away: How red hat software stumbled across a new economic model and helped improve an industry. Journal of Electronic
Publishing 4(3) (1999)