HackTricks

The best way to search for info in HackTricks is using hacktricks.wiki, the search functionality in book.hacktricks.wiki and cloud.hacktricks.wiki. It also works running HackTricks locally! You can also ask the HackTricks AI assistant in hacktricks.ai

We are giving away one ticket to the Hardware Hacking stream offered by hardwarehacking.es the 7th and 8th of May. To participate just press like and share this post! Please note that the streaming will be in Spanish! The winner will be announced the 29th of June.

25% OFF AWS courses (ARTE & ARTA) to celebrate our new AWS labs 🚀 🕒 Until April 12 (23:59 CET) Code: AWSUPGRADE 👉 hacktricks-training.com If you’ve been thinking about leveling up your cloud security skills — now’s the time. #AWS #Cloud #RedTeam #CyberSecurity #Hacktricks

Last month we ran the Cloud, K8s & CI/CD Trust Hardening workshop with @hacktricks_live, exploring how trust boundaries across identities, pipelines, and Kubernetes shape modern cloud security. Key takeaways in the recap 👇 cyberhelmets.com/cloud-trust-20…

If an untrusted PR runs in CI, attackers can steal tokens and push to trusted branches. We added a lab reproducing this AWS CodeBuild attack in HackTricks Training: hacktricks-training.com/courses/arte/ Check out the attack here: cloud.hacktricks.wiki/en/pentesting-…

🚨 CI/CD can become your attack surface. Wiz found an unanchored regex in AWS CodeBuild webhook filters that let attackers bypass PR trust checks and run code in privileged builds. One small CI misconfig → supply-chain compromise.

Presenting Malware World - available in HackTricks Tools! Now you can easily detect potentially malicious hosts on the internet from your browser using Malware World directly from malwareworld.com #hacktricks #tools #malware #threatintel #security #blacklists

🗓 Thursday 19th & Friday 20th 🕒 3pm–9pm CET | 9am–3pm EST 🌍 Live online Final seats available. More info & registration: cyberhelmets.com/cloud-k8s-ci-c…

We’ll cover topics as: - Defensive and offensive strategies for Cloud Least Privilege - Key Management attacks & hardening - Real-world CI/CD attack paths - Kubernetes trust boundaries and privilege escalation All with Hands-on labs based on realistic scenarios

This Thursday & Friday, we’re delivering a 2-day intensive hands-on cloud security workshop in collaboration with @CyberHelmets: cyberhelmets.com/cloud-k8s-ci-c… Cloud, K8s & CI/CD Trust Hardening 🧵👇

Presenting HackTricks AI Chatbot - available in HackTricks Tools! Now you can easily get instant answers to your security questions from your browser using the HackTricks AI Chatbot directly from ai.hacktricks.wiki #hacktricks #tools #ai #chatbot #pentesting #security

@hacktricks_live labs are where cloud security stops being theory and starts feeling real. Join next week's live sessions here👉cyberhelmets.com/cloud-k8s-ci-c… #CyberHelmets #HackTricks #CloudSecurity #CyberSecurityTraining #CyberSecurity #AWS #GCP #Azure #Workshop

Check out the new HackTricks T-shirts we have just received. They will be available at @hackplayers Conference tomorrow! Come to the HackTricks Training stand to check them out.

Presenting Domain & DNS Audit Tool - available in HackTricks Tools! Now you can easily perform comprehensive DNS and domain security audits from your browser using the DNS Audit Tool directly from tools.hacktricks.wiki #hacktricks #tools #dns #security #infosec #email

🇬🇧 Check the 2 days online training about Cloud, K8s & CI/CD: cyberhelmets.com/cloud-k8s-ci-c… 🇪🇸 Check our on-site trainings in Spanish at RootedCON: - 3 Days 3 Clouds: docs.google.com/presentation/d… - CI/CD attack and defense in kubernetes environments (1 day): docs.google.com/presentation/d…

Do you want to improve your Cloud, CI/CD & Kubernetes security knowledge? We are delivering trainings soon! 🇬🇧 Cloud, K8s & CI/CD 2-day online training 🇪🇸 On-site trainings at @rootedcon: - 3 Days 3 Clouds - CI/CD attack and defense in kubernetes environments + info below

👉 One bad permission can lead to full account compromise. Learn how Azure Cosmos DB misconfigurations can lead to privilege escalation:cloud.hacktricks.wiki/en/pentesting-… Hands-on offensive training: Azure Red Team Expert Certification (AzRTE)training.hacktricks.xyz/courses/azrte

🛢️ Azure Cosmos DB is often seen as a secure, managed database, but misconfigured permissions can turn it into a privilege-escalation goldmine. Over-privileged identities may grant roles, extract account keys, or even abuse firewall rules to bypass network restrictions.

Learn from the best! Join Carlos Polop for an intensive, hands-on, 2-day workshop on Cloud, k8s & CI/CD Trust Hardening. 🗓 19–20 February 👉 Register now cyberhelmets.com/cloud-k8s-ci-c… #CyberHelmets #HackTricks #CloudSecurity #CyberSecurityTraining #CyberSecurity #AWS #GCP #Azure #Workshop

Presenting GitHub Leaks Scanner - available in HackTricks Tools! Now you can easily scan GitHub repositories for exposed secrets and credentials from your browser using the GitHub Leaks Scanner directly from tools.hacktricks.wiki #hacktricks #tools #security #github #secrets

HackTricks and HackTricks Cloud have a fresh new UI ✨ Super smooth, much cleaner, and way nicer to read. - book.hacktricks.wiki - cloud.hacktricks.wiki/en/index.html #hacktricks