• Guessing
• Shoulder Surfing
• Dumpster Diving
• Password Dump
• Social Engineering (Powershell)
• Sniffing & MiTM (Cain,SMBRelay)
• Bypassing Windows
• RubberDucky (ducktoolkit, ducky-payload-generator)
• Getting Hashes
• Dumping Stored Passwords
• Tools
• Countermeasures
Scanning vulnerabilities
• OpenVAS
• Nessus
• MBSA
Exploiting Vulnerabilities in Metasploitable
• VSFTPD V2.3.4
• UNREALIRCD 3.2.8.1
Creating Payload & Remote Administration
• Shellter
• Pupy
• Veil Evasion
• TheFatRat
• The Lazy Script
• Zirikatu
• Empire
• PowerSploit
• EXE+JPG
• BAT TO EXE
Delivering Payload
• USB Rubberducky
• Email
• Web
Post Exploitation
• Meterpreter
• MSFConsole
• Privilege Escalation
• Persistence Backdoor
• Trojan
• Keylogger
• Gather Information
• Veil Evasion
• TheFatRat
• The Lazy Script
• Zirikatu
• Empire
• PowerSploit
• EXE+JPG
• BAT TO EXE
Delivering Payload
• USB Rubberducky
• Web
Post Exploitation
• Meterpreter
• MSFConsole
• Privilege Escalation
• Persistence Backdoor
• Trojan
• Keylogger
• Gather Information
Hiding
Before Exploitation :
• EXE+JPG
• BAT TO EXE
• Trojanizer
After Exploitation :
• Hiding & Locking Folders
• Hiding User
• Hiding Registry
• Disable auditing
Rootkits
Covering Tracks
• Clearing Logs (ELSave)
• Clearing Registry
• CMD History
• TEMP Files
Countermeasures
• Patching system
• Using Good Antivirus
• Anti Rootkit Software
• Hardening System
• STIG (Standerd Technical Implementation Guide)
• Training
• Comman Sense
No comments:
Post a Comment