<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Social-Engineering on Ethical Hacking | Pentest e Sicurezza Informatica | Hackita</title><link>https://hackita.it/tags/social-engineering/</link><description>Recent content in Social-Engineering on Ethical Hacking | Pentest e Sicurezza Informatica | Hackita</description><generator>Hugo</generator><language>it</language><lastBuildDate>Fri, 19 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://hackita.it/tags/social-engineering/index.xml" rel="self" type="application/rss+xml"/><item><title>Phishing Attack Vectors: A Red Team Technical Breakdown</title><link>https://hackita.it/articoli/phishing-techniques-red-team/</link><pubDate>Fri, 19 Jun 2026 00:00:00 +0000</pubDate><guid>https://hackita.it/articoli/phishing-techniques-red-team/</guid><description>&lt;h1
 id="phishing-attack-vectors-a-red-team-technical-breakdown" class="group/anchor-heading"&gt;
 Phishing Attack Vectors: A Red Team Technical Breakdown
 &lt;a href="#phishing-attack-vectors-a-red-team-technical-breakdown" class="text-inherit opacity-0 group-hover/anchor-heading:opacity-100 decoration-transparent"&gt;#&lt;/a&gt;
&lt;/h1&gt;&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Legal disclaimer:&lt;/strong&gt; The techniques and tools described in this article are intended exclusively for authorized penetration testing engagements, security research, and educational purposes. Using these methods against systems or individuals without explicit written authorization is illegal under most jurisdictions, including Italy&amp;rsquo;s D.lgs. 231/2001 and the Computer Fraud and Abuse Act (US). HackITA assumes no responsibility for any misuse of the information provided. Always operate within the boundaries of a signed scope agreement.&lt;/p&gt;</description></item><item><title>Phishing: Tecniche, Tipologie e Difese nel 2026</title><link>https://hackita.it/articoli/phishing/</link><pubDate>Fri, 27 Feb 2026 00:00:00 +0000</pubDate><guid>https://hackita.it/articoli/phishing/</guid><description>&lt;h1
 id="phishing-infrastruttura-tool-payload-e-campagne-operative" class="group/anchor-heading"&gt;
 Phishing: Infrastruttura, Tool, Payload e Campagne Operative
 &lt;a href="#phishing-infrastruttura-tool-payload-e-campagne-operative" class="text-inherit opacity-0 group-hover/anchor-heading:opacity-100 decoration-transparent"&gt;#&lt;/a&gt;
&lt;/h1&gt;&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Executive Summary&lt;/strong&gt; — Il phishing è il vettore di initial access più usato nel mondo reale — oltre l'80% dei breach inizia con un&amp;rsquo;email. Nel pentest, la campagna di phishing testa la resilienza umana dell&amp;rsquo;organizzazione: quanti utenti cliccano un link, quanti inseriscono credenziali, quanti aprono un allegato malevolo. Ma una campagna di phishing efficace richiede molto più del &amp;ldquo;mandare un&amp;rsquo;email con un link&amp;rdquo;: serve un&amp;rsquo;infrastruttura credibile (dominio, certificato TLS, SPF/DKIM/DMARC), template convincenti, payload che evadono i filtri email e una landing page che cattura credenziali o esegue codice. Questo articolo copre l&amp;rsquo;intero workflow — dalla preparazione del dominio alla post-exploitation.&lt;/p&gt;</description></item></channel></rss>