hacktricks/SUMMARY.md

Table of contents

👾 Welcome!

• HackTricks
• HackTricks Values & faq
• About the author
• Getting Started in Hacking

🤩 Generic Methodologies & Resources

• Pentesting Methodology
• External Recon Methodology
  • Wide Source Code Search
  • Github Dorks & Leaks
• Pentesting Network
  • DHCPv6
  • EIGRP Attacks
  • GLBP & HSRP Attacks
  • IDS and IPS Evasion
  • Lateral VLAN Segmentation Bypass
  • Network Protocols Explained (ESP)
  • Nmap Summary (ESP)
  • Pentesting IPv6
  • Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks
  • Spoofing SSDP and UPnP Devices with EvilSSDP
• Pentesting Wifi
  • Evil Twin EAP-TLS
• Phishing Methodology
  • Clone a Website
  • Detecting Phishing
  • Phishing Files & Documents
• Basic Forensic Methodology
  • Baseline Monitoring
  • Anti-Forensic Techniques
  • Docker Forensics
  • Image Acquisition & Mount
  • Linux Forensics
  • Malware Analysis
  • Memory dump analysis
    • Volatility - CheatSheet
  • Partitions/File Systems/Carving
    • EXT
    • File/Data Carving & Recovery Tools
    • NTFS
  • Pcap Inspection
    • DNSCat pcap analysis
    • Suricata & Iptables cheatsheet
    • USB Keystrokes
    • Wifi Pcap Analysis
    • Wireshark tricks
  • Specific Software/File-Type Tricks
    • Decompile compiled python binaries (exe, elf) - Retreive from .pyc
    • Browser Artifacts
    • Desofuscation vbs (cscript.exe)
    • Local Cloud Storage
    • Office file analysis
    • PDF File analysis
    • PNG tricks
    • Video and Audio file analysis
    • ZIPs tricks
  • Windows Artifacts
    • Windows Processes
    • Interesting Windows Registry Keys
• Brute Force - CheatSheet
• Python Sandbox Escape & Pyscript
  • Pyscript
  • Basic Python
  • Class Pollution (Python's Prototype Pollution)
  • venv
  • Bypass Python sandboxes
    • LOAD_NAME / LOAD_CONST opcode OOB Read
    • Output Searching Python internals
  • Web Requests
  • Bruteforce hash (few chars)
• Exfiltration
• Tunneling and Port Forwarding
• Search Exploits
• Shells (Linux, Windows, MSFVenom)
  • MSFVenom - CheatSheet
  • Shells - Windows
  • Shells - Linux
  • Full TTYs

🐧 Linux Hardening

• Checklist - Linux Privilege Escalation
• Linux Privilege Escalation
  • Cisco - vmanage
  • Containerd (ctr) Privilege Escalation
  • Docker Security
    • Abusing Docker Socket for Privilege Escalation
    • AppArmor
    • AuthZ& AuthN - Docker Access Authorization Plugin
    • CGroups
    • Docker --privileged
    • Docker Breakout / Privilege Escalation
      • release_agent exploit - Relative Paths to PIDs
      • Docker release_agent cgroups escape
      • Sensitive Mounts
    • Namespaces
      • CGroup Namespace
      • IPC Namespace
      • PID Namespace
      • Mount Namespace
      • Network Namespace
      • Time Namespace
      • User Namespace
      • UTS Namespace
    • Seccomp
    • Weaponizing Distroless
  • Escaping from Jails
  • euid, ruid, suid
  • Logstash
  • Node inspector/CEF debug abuse
  • D-Bus Enumeration & Command Injection Privilege Escalation
  • Interesting Groups - Linux Privesc
    • lxd/lxc Group - Privilege escalation
  • ld.so privesc exploit example
  • Linux Active Directory
  • Linux Capabilities
  • NFS no_root_squash/no_all_squash misconfiguration PE
  • Payloads to execute
  • RunC Privilege Escalation
  • SELinux
  • Socket Command Injection
  • Splunk LPE and Persistence
  • SSH Forward Agent exploitation
  • Wildcards Spare tricks
  • Arbitrary File Write to Root
• Useful Linux Commands
• Bypass Linux Shell Restrictions
  • DDexec
• Linux Environment Variables
• Linux Post-Exploitation
  • PAM - Pluggable Authentication Modules
• FreeIPA Pentesting