Recent Posts

HackTricks GRTE Review

Deepen your GCP security expertise from the basics to advanced levels, starting by exploring identity management, encryption, and networking defenses. Learn to identify and exploit misconfigurations in tens of the most used GCP services. Master specialized Red Team and Whitebox tactics tailored for GCP, enhancing your ability to detect and correct complex security flaws. Moreover, gain insights into red teaming within Google Workspace and discover effective strategies for pivoting between GCP and Google Workspace platforms.

SkullNet Writeup

Welcome to the review of SkullNet, my first CTF available out there, you have what it takes to solve it and become a SkullOperator? Show your skills in this CTF and retrieve the secret Flag!

HackTricks ARTE Review

Starting from the basics deepen your expertise in AWS security with a comprehensive exploration of advanced concepts, including in-depth identity and access management strategies, encryption methods, sophisticated networking defenses and learn how to spot and exploit misconfigurations in more than 20 common AWS services. Master the application of specialized red team and whitebox tactics in AWS contexts, enabling the detection and correction of complex security flaws.

OSCP All you need to know

The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

Flipper Zero Evil Portal

This project will turn your Wi-Fi dev board into an open access point. When users try to connect to this access point they will be served a fake login screen. User credentials are sent to the Flipper and logged on the SD card.

eWPT All you need to know

The eLearnSecurity Web Application Penetration Tester certification assesses a cyber security professional’s web application penetration testing skills. The exam is a skills-based test that requires candidates to perform a real-world web app pentesting simulation.

eCPPTv2 All you need to know

The eCPPT designation stands for eLearnSecurity Certified Professional Penetration Tester. eCPPT is a 100% practical and highly respected Ethical Hacking and Penetration Testing Professional certification counting certified professional in all the seven continents.

Create your Pivoting networks with Vmware

VMware is a software company that provides virtualization and cloud computing software and services. Virtualization technology allows multiple operating systems to run on a single physical computer, enabling hardware resources to be shared among multiple virtual machines. This technology helps businesses to reduce costs by increasing server utilization, consolidating servers, and reducing power consumption.

Stealing Cookies via XSS

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

NBT-NS Poisoning

Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two name resolution services that Windows machines use to identify host addresses on a network when DNS resolution fails. LLMNR and NetBIOS are enabled by default on modern Windows computers.