
Diploma Program in Cybersecurity

Adrián E. Rodríguez
CISSP, CISM, GCFA, GSEC, ISO Lead Auditor
Schedule
• Module I: General introduction
• Module II: Advanced network security
• Module III: Web intelligence / OSINT
– Profiling
• Module IV: Intelligence and forensics
– Forensic investigation
– Evidence collection
• Module V: Secure applications
• Module VI: Attacks and vulnerabilities
– Vulnerability detection
– Exploitation
Module V: Attacks and vulnerabilities
Risk management
Risk analysis process
Risk domains
Information classification
Asset identification
Types and value
TYPES
• Physical
• Environmental
• Hardware
• Software
• Human
• Processes
• Criteria
• Inputs
• Outputs
• Documentation
VALUE
• Information context
• Confidentiality
• Integrity
• Availability
• Quantitative
Controls

Element: Operating System
  Compliance Monitoring
    Very Critical: Daily and Weekly scans and analysis of scan results based on the use of Enterprise Security Manager™ or equivalent tool
    Critical: Weekly scans and analysis of scan results based on the use of Enterprise Security Manager™ or equivalent tool
    Non-Critical: Monthly scans and analysis of scan results based on the use of Enterprise Security Manager™ or equivalent tool OR Checklist-based Compliance checking
  Hardening (AND, in addition to Compliance Monitoring)
    Very Critical: Use of OS Security Baseline(s) for Very Critical Assets
    Critical: Use of OS Security Baseline(s) for Critical Assets
    Non-Critical: Use of OS Minimum Security Baseline(s)

Element: Database
  Compliance Monitoring
    Very Critical: Daily and Weekly scans and analysis of scan results based on the use of Enterprise Security Manager Oracle™ or equivalent tool
    Critical: Weekly scans and analysis of scan results based on the use of Enterprise Security Manager Oracle™ or equivalent tool
    Non-Critical: Monthly scans and analysis of scan results based on the use of Enterprise Security Manager Oracle™ or equivalent tool
  Hardening (AND, in addition to Compliance Monitoring)
    Very Critical: Use of DB Security Baseline(s) for Very Critical Assets
    Critical: Use of DB Security Baseline(s) for Critical Assets
    Non-Critical: Use of DB Minimum Security Baseline(s)

Element: Firewall
  Compliance Monitoring
    Very Critical: Real-time monitoring using host-based Real Secure™ or equivalent tool
    Critical: N/A (Firewalls are automatically considered to be Very Critical assets)
    Non-Critical: N/A (Firewalls are automatically considered to be Very Critical assets)
  Hardening (AND, in addition to Compliance Monitoring)
    Very Critical: Use of Firewall Baseline for Very Critical Assets
    Critical: N/A (Firewalls are automatically considered to be Very Critical assets)
    Non-Critical: N/A (Firewalls are automatically considered to be Very Critical assets)
Threat analysis
Vulnerability analysis
Likelihood
Impact
Risk profiles
Treatment priority
Control selection
Assurance level
Residual risk
Risk acceptance
Risk treatment
• Acceptance
• Mitigation
• Insurance policies
• Transfer
• Process change
• Risk denial
Vulnerability Analysis
• Nessus
• ZAP
• Acunetix
• Nikto
• OpenVAS
Vulnerability Analysis
Configuration
• Network health
• Plugin selection
• User and service configuration
• Scan range
• Report selection
Server exploitation
• Metasploit
• Exploit-DB
Metasploit
Meterpreter
Core Commands
• ? - help menu
• background - moves the current session to the background
• bgkill - kills a background meterpreter script
• bglist - provides a list of all running background scripts
• bgrun - runs a script as a background thread
• channel - displays active channels
• close - closes a channel
• exit - terminates a meterpreter session
• help - help menu
• interact - interacts with a channel
• irb - go into Ruby scripting mode
• migrate - moves the active process to a designated PID
• quit - terminates the meterpreter session
• read - reads the data from a channel
• run - executes the meterpreter script designated after it
• use - loads a meterpreter extension
• write - writes data to a channel
Meterpreter
File System Commands
• cat - read and output to stdout the contents of a file
• cd - change directory on the victim
• del - delete a file on the victim
• download - download a file from the victim system to the attacker system
• edit - edit a file with vim
• getlwd - print the local directory
• getwd - print working directory
• lcd - change local directory
• lpwd - print local directory
• ls - list files in current directory
• mkdir - make a directory on the victim system
• pwd - print working directory
• rm - delete a file
• rmdir - remove directory on the victim system
• upload - upload a file from the attacker system to the victim
Meterpreter
Networking Commands
• ipconfig - displays network interfaces with key information including IP address, etc.
• portfwd - forwards a port on the victim system to a remote service
• route - view or modify the victim routing table
System Commands
• clearev - clears the event logs on the victim's computer
• drop_token - drops a stolen token
• execute - executes a command
• getpid - gets the current process ID (PID)
• getprivs - gets as many privileges as possible
• getuid - get the user that the server is running as
• kill - terminate the process designated by the PID
• ps - list running processes
• reboot - reboots the victim computer
• reg - interact with the victim's registry
• rev2self - calls RevertToSelf() on the victim machine
• shell - opens a command shell on the victim machine
• shutdown - shuts down the victim's computer
• steal_token - attempts to steal the token of a specified (PID) process
• sysinfo - gets the details about the victim computer such as OS and name
Meterpreter
User Interface Commands
• enumdesktops - lists all accessible desktops
• getdesktop - get the current meterpreter desktop
• idletime - checks to see how long since the victim system has been idle
• keyscan_dump - dumps the contents of the software keylogger
• keyscan_start - starts the software keylogger when associated with a process such as Word or browser
• keyscan_stop - stops the software keylogger
• screenshot - grabs a screenshot of the meterpreter desktop
• set_desktop - changes the meterpreter desktop
• uictl - enables control of some of the user interface components
Privilege Escalation Commands
• getsystem - uses 15 built-in methods to gain sysadmin privileges
Password Dump Commands
• hashdump - grabs the hashes in the password (SAM) file
Timestomp Commands
• timestomp - manipulates the modify, access, and create attributes of a file
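As an added example (not part of the course slides), a small Python check of the kind a forensic investigator runs over parsed MFT records to spot timestomp-style manipulation of the modify, access and create attributes; the records, field names and thresholds are constructed for the demonstration and the two heuristics are indicators, not proof.

```python
from datetime import datetime

# Constructed sample records in the shape of parsed NTFS MFT entries:
# $STANDARD_INFORMATION (si_*) and $FILE_NAME (fn_*) timestamps.
# All paths and values below are invented for this example.
SAMPLE_MFT = [
    {"path": r"C:\Windows\System32\drivers\legit.sys",
     "si_created": "2023-03-10 08:15:42.1234567",
     "si_modified": "2023-03-10 08:15:42.1234567",
     "fn_created": "2023-03-10 08:15:42.1234567"},
    {"path": r"C:\Users\Public\svchost.exe",
     "si_created": "2009-07-14 02:30:00.0000000",
     "si_modified": "2009-07-14 02:30:00.0000000",
     "fn_created": "2024-05-02 14:07:19.5519032"},
]

FMT = "%Y-%m-%d %H:%M:%S.%f"


def parse_ts(value: str) -> datetime:
    # NTFS stores 100 ns ticks (7 digits); strptime's %f takes at most 6, so truncate.
    head, frac = value.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", FMT)


def fractional_is_zero(value: str) -> bool:
    return set(value.split(".")[1]) == {"0"}


def timestomp_indicators(entry: dict) -> list[str]:
    """Return the heuristics that fire for one record (empty list = nothing suspicious)."""
    findings = []
    # $FILE_NAME times are written only by the kernel (create/rename/move), while
    # user-mode timestomping rewrites $STANDARD_INFORMATION, so an SI creation time
    # earlier than the FN creation time is anomalous.
    if parse_ts(entry["si_created"]) < parse_ts(entry["fn_created"]):
        findings.append("si_created_before_fn_created")
    # Tools that accept second-granularity input leave the 100 ns field at zero;
    # legitimate files copied from FAT or archives can look like this too, hence heuristic.
    if fractional_is_zero(entry["si_created"]) and fractional_is_zero(entry["si_modified"]):
        findings.append("zero_subsecond_si_timestamps")
    return findings


def scan(records: list[dict]) -> dict[str, list[str]]:
    """Map each record path to its indicators, keeping only records with at least one."""
    return {r["path"]: hits for r in records if (hits := timestomp_indicators(r))}


if __name__ == "__main__":
    for path, hits in scan(SAMPLE_MFT).items():
        print(path, hits)
```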
Questions?