Line 1: Line 1:
-====== Profesional certificado en seguridad ofensiva (OSCP) ====== 
-Profesional certificado en seguridad ofensiva (**OSCP**) es una certificación de ethical hacking ofrecida por Offensive Security que enseña metodologías de exámenes de penetración y utilizan herramientas incluyendo el examen de pentración BackTrack (ahora realizado con éxito con la distribución Kali Linux)1​2​ La certificación OSCP consiste en un examen práctico que requiere atacar y penetrar de manera satisfactoria varias maquinas en un ambiente seguro controlado.3​ Actualmente, es una de las pocas certificaciones que requiere evidencia de las habilidades en la parte práctica que consiste en una prueba de penetración. 
-===== Referencias para prepararse ===== 
-  * shi_ver_bot : A Telegram bot to see if your password was in the BreachCompilation 
-beef project 
-sitio de boca 
-dig @ unap.cl -t AXFR 
-(ip.addr == and (!udp contains "HTTP/1.1") 
-ip.src == && tcp.flags.syn==1 && tcp.flags.ack==1 
->>> a = ARP(op="who-has", psrc="", pdst="", hwdst="fe80::4067:2e3f:d06:61bd") 
->>> send(a, inter=3, loop=1) 
-a = ARP(op="who-has", psrc="", pdst="", hwdst="fe80::4067:2e3f:d06:61bd") 
-ip a falsear ip victima mac victima 
-a = ARP(op="who-has", psrc="", pdst="", hwdst="08:00:27:52:2D:A0") 
->>> send(a, inter=3, loop=1) 
- ettercap -T -q -i eth0 -P dns_spoof -M arp /  
-└──╼ #tcpdump -n -i wlan0 -e 'arp or icmp' 
-arping -c 1 -I wlan0 
-60 bytes from 08:00:27:7e:b5:f7 ( index=0 time=1.363 msec 
-60 bytes from 00:17:c5:15:81:6a ( index=1 time=2.670 msec 
---- statistics --- 
-arpspoof -i eth0 -t 
-iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 
- iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080 
-mitmproxy --mode transparent 
-bettercap -T ipvictima --proxy -P 
-Cupp para crear diccionarios 
-git clone https://github.com/Mebus/cupp.git 
-Generar ataques de Bruteforce a redes sociales 
-git clone https://github.com/TunisianEagles/SocialBox.git 
-Dump de passwords (Volcado de memoria) 
-Cracking WPA/WPA2 con phishing 
---mode transparent 
-bettercap -T [ip_victima] --proxy -P 
-git clone https://github.com/M4sc3r4n0/Evil-Droid.git 
-Good reviews of CTP/OSCE (in no particular order): 
-Note: * mark means look for other posts on this blog 
-******* https://github.com/reider-roque 
-Tutorial sites (more stars = better/recommended): 
-***** http://resources.infosecinstitute.com/intro-to-fuzzing/ 
-******* https://madmantm.wordpress.com/ 
-***** https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/ 
-***** https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/ 
-** http://phrack.org/issues/67/13.html 
-***** http://programming4.us/security/688.aspx 
-***** http://www.primalsecurity.net/0x8-exploit-tutorial-the-elusive-egghunter/ 
-********** https://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/ 
-*********************** http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/ 
-************ http://realpentesting.blogspot.sg/2013/04/0day-bug-hunting-realpentesting.html 
-******** https://samsclass.info/127/proj/vuln-server.htm 
-**************** http://www.rockfishsec.com/2014/01/fuzzing-vulnserver-with-peach-3.html 
-********************* http://www.thegreycorner.com/p/vulnserver.html 
-*********** http://resources.infosecinstitute.com/seh-exploit/ 
-Good practice sites: 
-**** https://samsclass.info/127/proj/p4-lbuf-shell.htm 
-**** http://www.securitysift.com/windows-exploit-development-part-1-basics/ 
-******* https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/ 
-******* https://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/ 
-************* http://www.vividmachines.com/shellcode/shellcode.html 
-Vulnerable machines: 
-vulnhub VMs: 
-SickOS 1.1 
-SickOS 1.2 
-Droopy v0.2 
-SecTalks: BNE0x00 - Minotaur 
-SecTalks: BNE0x03 - Simple 
-NullByte: 1 
-FristiLeaks 1.3 
-OWASP Vulnerable Web Applications Directory Project 
-Damn Vulnerable Web Application 
-Backdooring files with Python: 
-eBooks downloads: 
-"Hacking: The Art of Exploitation" 
-- Fuzzing (Scapy, TAO, Sulley) 
-- Linux Exploitation (vanila stack overflow, return to Glibc - NX bypass, repairing stack canaries, ASLR bypasses) and Windows exploitation (SEH overwrite,  Return Oriented Programming into disabling DEP) 
-- Web Application Hacker's Handbook (might be too large: Consider "webgoat") 
-Various sites: 
-http://www.sweetscape.com/  (010 Editor) 
-Fun random stuff: 
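Review bot: The removal starts at the page heading and the OSCP description paragraph (the first two removed lines), so the only coherent content on the page is deleted together with the loose notes under it. If the aim is cleanup, keep the heading and that paragraph (correcting "pentración" and the stray footnote digits left after "Kali Linux)" and "controlado.") and remove only the rest, or state in the edit summary that the page is being retired. The remaining lines are reasonable to drop as they stand: the command lines are fragments with their addresses missing (`ip.addr == and`, `psrc=""`, `pdst=""`, `arping -c 1 -I wlan0` with no target), two of the ARP lines pass an IPv6 link-local address as `hwdst` where the third passes a MAC address, the `--mode transparent` and `bettercap -T` lines appear twice, and the star-rated link lists say nothing about what each link covers.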