No description
Find a file
2024-05-07 11:04:25 +00:00
.gitbook/assets Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00
.github Translated to Swahili 2024-02-11 02:13:58 +00:00
backdoors Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00
binary-exploitation Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00
blockchain/blockchain-and-crypto-currencies Translated to Swahili 2024-02-11 02:13:58 +00:00
c2 Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00
crypto-and-stego Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00
cryptography Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00
exploiting Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'reversin 2024-04-02 19:48:36 +00:00
forensics/basic-forensic-methodology Translated ['binary-exploitation/rop-return-oriented-programing/ret2lib/ 2024-05-02 15:14:31 +00:00
generic-methodologies-and-resources Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00
hardware-physical-access Translated ['hardware-physical-access/escaping-from-gui-applications.md' 2024-05-06 11:24:37 +00:00
linux-hardening Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00
linux-unix/privilege-escalation Translated to Swahili 2024-02-11 02:13:58 +00:00
macos-hardening Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-05-06 23:54:54 +00:00
misc Translated to Swahili 2024-02-11 02:13:58 +00:00
mobile-pentesting Translated ['mobile-pentesting/android-app-pentesting/README.md'] to sw 2024-05-06 12:41:26 +00:00
network-services-pentesting Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00
pentesting-web Translated ['pentesting-web/formula-csv-doc-latex-ghostscript-injection. 2024-05-07 11:04:25 +00:00
physical-attacks Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack. 2024-04-18 04:08:12 +00:00
radio-hacking Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00
reversing Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00
reversing-and-exploiting Translated ['reversing-and-exploiting/linux-exploiting-basic-esp/common- 2024-04-07 16:14:22 +00:00
stego Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00
todo Translated ['todo/radio-hacking/flipper-zero/fz-infrared.md'] to sw 2024-05-06 09:11:05 +00:00
welcome Translated ['README.md', 'binary-exploitation/common-binary-protections- 2024-04-09 00:24:16 +00:00
windows-hardening Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00
.gitignore Update .gitignore 2023-06-25 15:55:55 +02:00
1911-pentesting-fox.md Translated to Swahili 2024-02-11 02:13:58 +00:00
6881-udp-pentesting-bittorrent.md Translated to Swahili 2024-02-11 02:13:58 +00:00
android-forensics.md Translated to Swahili 2024-02-11 02:13:58 +00:00
burp-suite.md Translated to Swahili 2024-02-11 02:13:58 +00:00
emails-vulns.md Translated to Swahili 2024-02-11 02:13:58 +00:00
interesting-http.md Translated to Swahili 2024-02-11 02:13:58 +00:00
LICENSE.md Translated to Swahili 2024-02-11 02:13:58 +00:00
online-platforms-with-api.md Translated to Swahili 2024-02-11 02:13:58 +00:00
other-web-tricks.md Translated to Swahili 2024-02-11 02:13:58 +00:00
pentesting-dns.md Translated to Swahili 2024-02-11 02:13:58 +00:00
post-exploitation.md Translated to Swahili 2024-02-11 02:13:58 +00:00
README.md Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00
stealing-sensitive-information-disclosure-from-a-web.md Translated to Swahili 2024-02-11 02:13:58 +00:00
SUMMARY.md Translated ['todo/hardware-hacking/fault_injection_attacks.md', 'todo/ha 2024-05-05 13:50:25 +00:00

Mbinu za Kudukua

Majina na muundo wa Hacktricks uliundwa na @ppiernacho.

{% hint style="success" %} Karibu kwenye wiki ambapo utapata kila mbinu ya kudukua/kiufundi/chochote nilichojifunza kutoka kwa CTFs, programu halisi, kusoma utafiti, na habari. {% endhint %}

Ili kuanza fuata ukurasa huu ambapo utapata mtiririko wa kawaida ambao unapaswa kufuata wakati wa kufanya ukaguzi wa kudukua kwenye moja au zaidi ya mashine:

{% content-ref url="generic-methodologies-and-resources/pentesting-methodology.md" %} pentesting-methodology.md {% endcontent-ref %}

Wadhamini wa Kampuni

STM Cyber

STM Cyber ni kampuni kubwa ya usalama wa mtandao ambayo kauli yao mbiu ni DUDUKUE LISILOWEZEKANA. Wanafanya utafiti wao wenyewe na kutengeneza zana zao za kudukua ili kutoa huduma muhimu za usalama wa mtandao kama ukaguzi wa kudukua, Timu Nyekundu na mafunzo.

Unaweza kuangalia blogi yao kwenye https://blog.stmcyber.com

STM Cyber pia inasaidia miradi ya chanzo wazi ya usalama wa mtandao kama HackTricks :)


RootedCON

RootedCON ni tukio muhimu zaidi la usalama wa mtandao nchini Hispania na moja ya muhimu zaidi barani Ulaya. Kwa ** lengo la kukuza maarifa ya kiufundi**, kongamano hili ni mahali pa kukutana kwa wataalamu wa teknolojia na usalama wa mtandao katika kila nidhamu.

{% embed url="https://www.rootedcon.com/" %}


Intigriti

Intigriti ni jukwaa la kwanza la udukuzi wa maadili barani Ulaya na bug bounty.

Usaidizi wa bug bounty: jiandikishe kwa Intigriti, jukwaa la bug bounty la malipo ya juu lililoanzishwa na wadukuzi, kwa wadukuzi! Jiunge nasi kwenye https://go.intigriti.com/hacktricks leo, na anza kupata zawadi hadi $100,000!

{% embed url="https://go.intigriti.com/hacktricks" %}


Trickest


Tumia Trickest kujenga na kutumia mifumo ya kazi kwa kutumia zana za jamii za juu zaidi duniani.

Pata Ufikiaji Leo:

{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}


HACKENPROOF

Jiunge na seva ya HackenProof Discord ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa bug bounty!

  • Machapisho ya Udukuzi: Shiriki na yaliyomo yanayochimba kina katika msisimko na changamoto za udukuzi
  • Habari za Udukuzi za Wakati Halisi: Endelea kufahamishwa na ulimwengu wa udukuzi unaobadilika haraka kupitia habari za wakati halisi na ufahamu
  • Matangazo Mapya: Endelea kufahamishwa na bug bounty mpya zinazoanzishwa na sasisho muhimu za jukwaa

Jiunge nasi kwenye Discord na anza kushirikiana na wadukuzi bora leo!


Pentest-Tools.com - Jukwaa muhimu la ukaguzi wa kuingilia

Usanidi wa papo hapo wa upimaji wa udhaifu & ukaguzi wa kuingilia. Tekeleza ukaguzi kamili kutoka mahali popote na zana na vipengele zaidi ya 20 vinavyoanzia uchunguzi hadi ripoti. Hatuchukui nafasi ya wakaguzi wa kuingilia - tunatengeneza zana za desturi, ugunduzi & moduli za kutumia ili kuwarudishia muda wa kuchimba kina, kuvunja makompyuta, na kufurahi.

{% embed url="https://pentest-tools.com/" %}


SerpApi

SerpApi inatoa APIs za haraka na rahisi za wakati halisi za kufikia matokeo ya injini za utaftaji. Wanachimba injini za utaftaji, kushughulikia proksi, kutatua captchas, na kuchambua data iliyopangwa kwa ajili yako.

Usajili kwa moja ya mipango ya SerpApi ni pamoja na ufikiaji wa APIs zaidi ya 50 tofauti za kuchimba injini za utaftaji tofauti, ikiwa ni pamoja na Google, Bing, Baidu, Yahoo, Yandex, na zingine.
Tofauti na watoa huduma wengine, SerpApi hachimbi tu matokeo ya asili. Majibu ya SerpApi mara kwa mara yanajumuisha matangazo yote, picha na video za ndani, grafu za maarifa, na vipengele vingine vilivyopo katika matokeo ya utaftaji.

Wateja wa sasa wa SerpApi ni pamoja na Apple, Shopify, na GrubHub.
Kwa habari zaidi tembelea blogi yao, au jaribu mfano kwenye uwanja wao wa michezo.
Unaweza kuunda akaunti ya bure hapa.


Try Hard Security Group

{% embed url="https://discord.gg/tryhardsecurity" %}


WebSec

WebSec ni kampuni ya usalama wa mtandao ya kitaalamu iliyoanzishwa huko Amsterdam ambayo husaidia kulinda biashara ulimwenguni kote dhidi ya vitisho vya usalama wa mtandao vya hivi karibuni kwa kutoa huduma za usalama wa kuingilia kwa njia ya kisasa.

WebSec ni kampuni ya usalama ya kila moja ambayo inamaanisha wanafanya yote; Ukaguzi wa Kuingilia, Ukaguzi wa Usalama, Mafunzo ya Uelewa, Kampeni za Udukuzi, Mapitio ya Kanuni, Maendeleo ya Udukuzi, Kutoa Wataalamu wa Usalama na mengi zaidi.

Jambo lingine zuri kuhusu WebSec ni kwamba tofauti na wastani wa tasnia WebSec ina imani kubwa katika ujuzi wao, kwa kiwango kwamba wanahakikisha matokeo bora zaidi, inasema kwenye tovuti yao "Ikiwa hatuwezi kudukua, Hulipi!". Kwa habari zaidi tazama tovuti yao na blogi!

Mbali na hayo WebSec pia ni msaidizi aliyejitolea wa HackTricks.

{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}

WhiteIntel

WhiteIntel ni injini ya utaftaji inayotumia dark-web ambayo inatoa huduma za bure za kuangalia ikiwa kampuni au wateja wake wameathiriwa na malwares za kuiba.

Lengo kuu la WhiteIntel ni kupambana na utekaji wa akaunti na mashambulio ya ransomware yanayotokana na malware za kuiba taarifa.

Unaweza kutembelea tovuti yao na kujaribu injini yao bure kwa:

{% embed url="https://whiteintel.io" %}

Leseni & Taarifa ya Kisheria

Wapatie msaada:

{% content-ref url="welcome/hacktricks-values-and-faq.md" %} hacktricks-values-and-faq.md {% endcontent-ref %}

Jifunze AWS hacking kutoka sifuri hadi shujaa na htARTE (HackTricks AWS Red Team Expert)!

Njia nyingine za kusaidia HackTricks: