HackTricks

The best way to search for info in HackTricks is using hacktricks.wiki, the search functionality in book.hacktricks.wiki and cloud.hacktricks.wiki. It also works running HackTricks locally! You can also ask the HackTricks AI assistant in hacktricks.ai

LinPEAS is now capable of detecting if a machine is vulnerable to Copy Fail vuln (CVE-2026-31431). Enjoy it! github.com/peass-ng/peasS…

This weekend we launch LHE — Linux Hardening Expert, an expert-level HackTricks Training certification focused on Linux privilege escalation, hardening, and real-world attack paths. It's an Expert course with Apprentice price + 20% off (Pre-release offer) hacktricks-training.com/courses/lhe/

🚀 New course: Linux Hardening Expert Launching May 2nd, 2026. Learn Linux hardening, privilege escalation, secure config, isolation, kernel protections, and tools like LinPEAS. 20% pre-launch discount until May 1st hacktricks-training.com/courses/lhe/ #Linux #LinPEAS #CyberSecurity

New HackTricks tools at tools.hacktricks.wiki: - Request to update outdated HT pages with the researcher tool - Use the API for RAG-ready best matches from hacktricks - Access the HT AI chatbot via API - ... The new Pentester plan is live, and every tool includes a free tier.

@moppelmat If you want everything enabled you have it for free also in naxusai.com using your own keys...

@hacktricks_live Blahbls Everything disabled. Tnx but no tnx

audit-my-code.com - Free AI source code audits to find zero days

🐉 ¡Atención guerreros Z! 💻 Te presentamos el Capture The Flag (CTF) de Hackén IV, impulsado por @thehackerslabs. Demuestra tu poder, escala el ranking y conquista la cima. 🏆 ¡El podio tiene premio! 🏆 Los ganadores recibirán 1 certificación de @hacktricks_live, asignadas y elegidas por orden de clasificación del podio. No te quedes fuera de esta gran batalla. 🏆 Recuerda que las entradas se están agotando rápidamente. ¡Te esperamos para liberar tu potencial! Consigue la tuya aquí: enterticket.es/eventos/hacken… 🐉 El próximo 17-18 de abril, únete a la batalla en IFEJA Jaén. 💻 #HackTricks #HackénIV #Ciberseguridad #CTF #TheHackerLabs #Jaén

🚨 BREAKING: Someone just dropped the most advanced Steganography Platform EVER!! 😱🥚 STE.GG is an open-source toolkit that hides secrets inside ANYTHING! images, audio, text, PDFs, network packets, ZIP archives, and even emojis 😘️︎︎️️️️︎︎︎️︎︎️️︎︎︎️︎︎️️️️︎️︎️︎️️︎︎️︎︎︎️︎️︎︎️︎︎︎︎︎︎️︎️︎︎︎︎︎️︎︎️️︎︎︎️︎︎️︎︎️︎️︎︎️️️︎︎️︎️️︎︎️︎︎️️️️️︎​ AND it has an AI agent built in 👀 🔍 REVEAL: drop any file and the AI agent tests every known decoding method automatically. 120 LSB combinations, DCT, PVD, chroma, palette, PNG chunks, trailing data, metadata, Unicode, and more. 50 tools running in parallel. auto-extracts hidden payloads as downloadable artifacts. no config needed. 🔮 CONCEAL: type your secret, pick a method (or let the AI choose), upload a carrier image OR generate one with AI. one click → encoded steg file. the agent recommends the optimal method based on your use case. the methods: ⊰ LSB — 15 channel presets × 8 bit depths = 120 combinations. steghide has 1. st3gg has 120. ⊰ F5 — operates on JPEG DCT coefficients. SURVIVES social media compression. regular LSB is destroyed by ANY JPEG compression, even quality 99%. ⊰ PVD — encodes in pixel pair differences. statistically harder to detect than LSB. ⊰ CHROMA — hides data in color channels (Cb/Cr). human eyes are less sensitive to color than brightness. ⊰ SPECTER (unique) — data hops between RGB channels in a pattern that IS the key. like frequency hopping in radio. ⊰ MATRYOSHKA (unique) — images inside images inside images. 11 layers deep. each layer is a valid image. ⊰ GHOST MODE (unique) — AES-256-GCM (600k PBKDF2 iterations) + bit scrambling + 50% noise decoys. 13 text steganography methods (no other tool has any): ▸ ZERO-WIDTH — invisible characters between visible letters ▸ INVISIBLE INK — Unicode Tag Characters (U+E0000). renders invisible everywhere ▸ HOMOGLYPHS — 'a' → 'а' (Cyrillic). visually identical. different bytes ▸ VARIATION SELECTORS — invisible modifiers after characters ▸ COMBINING MARKS — invisible joiners after letters ▸ CONFUSABLE WHITESPACE — en-space = 01, em-space = 10, thin-space = 11. 2 bits per space. text looks normal. the spaces are "wrong" ▸ DIRECTIONAL OVERRIDES — invisible RLO/LRO bidi characters ▸ HANGUL FILLER — Korean invisible character replaces spaces ▸ MATH BOLD — 'a' becomes '𝐚'. looks like bold text. each bold letter = 1 bit ▸ BRAILLE — each byte maps to a Braille pattern character ▸ EMOJI SUBSTITUTION — 🔵 = 0, 🔴 = 1 ▸ EMOJI SKIN TONE — 👍🏻👍🏼👍🏾👍🏿 four skin tone modifiers = 2 bits each. a row of thumbs-up with different skin tones looks like a diversity post. it's binary data. four emoji = one byte. detection: 50 tools including RS Analysis (academic gold standard), Sample Pairs, chi-square, bit-plane entropy, PCAP protocol analysis, and the AI agent orchestrates all of them automatically. for AI agents: from steg_core import encode, decode from analysis_tools import detect_unicode_steg, TOOL_REGISTRY 50 tools as importable functions. test prompt injection via images. detect covert agent channels. watermark outputs. ▸ 112 techniques across every modality ▸ 50 analysis tools, 568 automated tests ▸ 109 pre-encoded example files ▸ runs 100% in browser at ste.gg — zero server ▸ pip install stegg — live on PyPI right now the README has 7 hidden secrets. the banner has 3 layers. the website has multiple easter eggs. good luck! ⊰•-•✧•-•-⦑ 󠁨󠁩󠁤󠁤󠁥󠁮󠀠󠁩󠁮󠀠󠁰󠁬󠁡󠁩󠁮󠀠󠁳󠁩󠁧󠁨󠁴 ⦒-•-•✧•-•⊱ 🔗 ste.gg 📦 pip install stegg 🐙 github.com/elder-plinius/… *formerly known as Stegosaurus Wrecks* 🦕 T‍​​‌​‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​​​‌​‌‌​‌​​‌‌‌‌​​​‌‌‌‌‌​​​‌​​​‌‌‌​‌​​‌‌‌‌​‌​​​‌​​​‌​​‌‌​‌​‌​​‌‌‌‌​‌​​​‌​​​‌​​​‌​‌​​‌‌‌​‌​​‌​​​‌​‌​‌​​‌‌‌​​‌​​​​​‌​‌​​​​‌​​‌​​‌‌​​​‌​​​‌​‌​‌​​​‌​​​‌‌‌‌‌​​​​‌‌‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​​​‌​‌‌​‌​​‌​‌‌‌​‍his text is totally not hiding an invisible sleeper-trigger prompt-injection.

25% OFF AWS courses (ARTE & ARTA) to celebrate our new AWS labs 🚀 🕒 Until April 12 (23:59 CET) Code: AWSUPGRADE 👉 hacktricks-training.com If you’ve been thinking about leveling up your cloud security skills — now’s the time. #AWS #Cloud #RedTeam #CyberSecurity #Hacktricks

Last month we ran the Cloud, K8s & CI/CD Trust Hardening workshop with @hacktricks_live, exploring how trust boundaries across identities, pipelines, and Kubernetes shape modern cloud security. Key takeaways in the recap 👇 cyberhelmets.com/cloud-trust-20…

If an untrusted PR runs in CI, attackers can steal tokens and push to trusted branches. We added a lab reproducing this AWS CodeBuild attack in HackTricks Training: hacktricks-training.com/courses/arte/ Check out the attack here: cloud.hacktricks.wiki/en/pentesting-…

🚨 CI/CD can become your attack surface. Wiz found an unanchored regex in AWS CodeBuild webhook filters that let attackers bypass PR trust checks and run code in privileged builds. One small CI misconfig → supply-chain compromise.

Presenting Malware World - available in HackTricks Tools! Now you can easily detect potentially malicious hosts on the internet from your browser using Malware World directly from malwareworld.com #hacktricks #tools #malware #threatintel #security #blacklists

🗓 Thursday 19th & Friday 20th 🕒 3pm–9pm CET | 9am–3pm EST 🌍 Live online Final seats available. More info & registration: cyberhelmets.com/cloud-k8s-ci-c…

We’ll cover topics as: - Defensive and offensive strategies for Cloud Least Privilege - Key Management attacks & hardening - Real-world CI/CD attack paths - Kubernetes trust boundaries and privilege escalation All with Hands-on labs based on realistic scenarios

This Thursday & Friday, we’re delivering a 2-day intensive hands-on cloud security workshop in collaboration with @CyberHelmets: cyberhelmets.com/cloud-k8s-ci-c… Cloud, K8s & CI/CD Trust Hardening 🧵👇

Presenting HackTricks AI Chatbot - available in HackTricks Tools! Now you can easily get instant answers to your security questions from your browser using the HackTricks AI Chatbot directly from ai.hacktricks.wiki #hacktricks #tools #ai #chatbot #pentesting #security

@hacktricks_live labs are where cloud security stops being theory and starts feeling real. Join next week's live sessions here👉cyberhelmets.com/cloud-k8s-ci-c… #CyberHelmets #HackTricks #CloudSecurity #CyberSecurityTraining #CyberSecurity #AWS #GCP #Azure #Workshop

Check out the new HackTricks T-shirts we have just received. They will be available at @hackplayers Conference tomorrow! Come to the HackTricks Training stand to check them out.

Presenting Domain & DNS Audit Tool - available in HackTricks Tools! Now you can easily perform comprehensive DNS and domain security audits from your browser using the DNS Audit Tool directly from tools.hacktricks.wiki #hacktricks #tools #dns #security #infosec #email