HKCU

Run the information stored in a value within the CLSID key of the Windows Registry



Run the information stored in a binary value of the Windows Registry



Rundll32 commands for Windows



Enable or disable a proxy server in Internet Explorer using PowerShell


Enable

Disable


Windows Post Exploitation Cmdlets Execution (PowerShell)


Presence

This section focuses on information gathering about the victim host and the network that it's attached to.

System

WMI

Networking

Users

Configs

Finding important files

Files to pull

Remote system access

Software

Auto-Start directories

Persistence

This section focuses on gaining a foothold to regain, or re-obtain, access to a system through means of authentication, backdoors, etc.

Download

Compress or expand ZIP archive

Reg command exit

Deleting logs

Uninstalling software ("Antivirus")

Invasive or altering commands


Change the Internet Explorer home page from the Windows Registry



Computer security with PowerShell


Introduction

Confidentiality

Integrity

Physical security

Analyze the hardware of the company's computers

View connected devices (mobile phones, USB storage, etc.)

Logical security

View information about users and groups (the logged-in user)

Create users and groups (creation procedure)

Analyze the software on the company's computers

Analyze the programs installed on the company's computers and see how they relate to processes and services

Analyze the programs installed on the company's computers and see how they relate to […]


Artifacts



Change the desktop wallpaper



Run a program at Windows startup


Example with the calculator: open the Registry editor (regedit) and locate the following path: HKCU/Software/Microsoft/Windows/CurrentVersion/Run. In the right pane, create a new string value named Cal and set its value to calc.exe.


Registry Hack to set Internet Explorer Start Page



Verifying the Existence of a File or Folder


One of the primary uses of Test-Path is to verify the existence of a file or folder. For example, this command checks to see whether the file C:\Scripts\Test.txt exists:

Test-Path returns True if the file exists, and returns False if the file does not exist. As is usually the case with cmdlets, you can use wildcards with Test-Path. For example, this script tells you whether or not there are any .wma files in C:\Scripts:

Did someone ask if you can check for the existence of registry keys using Test-Path? Of course you can:

 


Retrieving a Specific Item


The Get-Item cmdlet makes it easy to retrieve a specific item (such as a file, a folder, or a registry key). Why would you want to do that? Well, for one thing, it makes it very easy to retrieve the properties of those items. For example, suppose you’d like to know the last time someone accessed the C:\scripts folder. Here’s a command that will retrieve that information:

In essence, we're using Get-Item to create an object reference to C:\Scripts. That's the reason for the unusual syntax: the command itself – Get-Item c:\scripts – is enclosed in parentheses, with a […]


Searching the Registry: URLs



Searching the Registry: IP addresses



Searching TeamViewer in our system


Searching for an open port in Netstat

Searching the registry for "TeamViewer"

Searching for the file "TeamViewer"