📚 One unified search (SQLite FTS5, BM25 ranking) over HackTricks, PayloadsAllTheThings, The Hacker Recipes, OWASP WSTG/MASTG/ASVS, GTFOBins, LOLBAS, plus SDR 📡, Bluetooth, Wi-Fi, glitching ⚡, RE, DFIR 🔬 and OSINT 🕵️ .

Con la exhibición de Olise con su hacktricks con Francia menos lo vende el Bayern Munich.

THE ENTIRE OFFSEC CURRICULUM JUST GOT REPACKAGED AS CLAUDE SKILLS. OSCP costs $1,649. OSEP costs around $2,500. OSED costs another $2,500. SANS courses run $8,000 each. A Burp Suite Pro license is $475 a year. A senior pentester clears $180k. A guy on the internet named Kai Aizen just put the methodology behind all of it into 58 SKILL.md files and pushed them to GitHub for free. The pack is called claude-red. It primes Claude with expert-level offensive methodology across 13 categories the certification industry charges five figures to teach: - Web app exploitation → 16 skills (the whole OWASP Top 10 and then some) - Active Directory → Kerberoasting, ASREProast, ADCS ESC1 through ESC15, delegation abuse, NTLM relay, hybrid AAD pivots - Wireless → WPA2/3 cracking, evil twin RADIUS, Dragonblood, KRACK, BLE, Zigbee, Z-Wave, LoRaWAN - Cloud → AWS/Azure/GCP privesc, IMDS abuse, cross-account persistence - Exploit dev → modern kernel mitigations, ROP, CFG/CET/PAC bypass theory - EDR evasion → unhooking, indirect syscalls, PPID spoofing - AI security → prompt injection, jailbreaks, RAG poisoning Here's the part the cert industry doesn't want you to think about: The actual methodology behind every OSCP-style course is publicly documented in OWASP guides, PortSwigger Academy, HackTricks, BloodHound docs, ADSecurity, the Shellcoder's Handbook, and a hundred Black Hat talks. claude-red just organizes it into context-aware skills that load on demand inside Claude. 1,931 stars in three months. 314 forks. MIT license. 22 commits because the author dropped the whole library at once. One honest note: this is for authorized red team work, bug bounty programs you're scoped for, and CTF prep. Hitting things you don't have permission to hit is a felony in most jurisdictions and no skill file will save you from that. The five-figure certification industry just got a peer it didn't ask for. Repo in the first comment.

HackTricks — The Cybersecurity Knowledge Base Every Security Professional Should Bookmark 📚💀 HackTricks is one of the most comprehensive cybersecurity resources available, packed with practical techniques, methodologies, and real-world knowledge across offensive and defensive security. What you'll find: • Web, Network, Cloud, Active Directory, and Mobile Security • Privilege Escalation techniques for Linux and Windows • Red Teaming, Bug Bounty, and CTF resources • Malware Analysis, Reverse Engineering, and Forensics • Kubernetes, Containers, and Cloud Security guides • Regularly updated research, playbooks, and attack techniques Whether you're preparing for certifications, solving CTFs, hunting bugs, or working in security operations, HackTricks is an invaluable reference library. 🔗 github.com/HackTricks-wiki/h… #CyberSecurity #HackTricks #Pentesting #bugbounty #RedTeam #BlueTeam #CloudSecurity #AppSec

Day 14 / 30 — RESOURCES: GitHub Repos to Star NOW Bookmark these. Reference them weekly. Live in them. → PayloadsAllTheThings — every payload for every vuln class github.com/swisskyrepo/Paylo… → SecLists — wordlists for everything github.com/danielmiessler/Se… → HackTricks — methodology bible github.com/carlospolop/hackt… → Awesome-Bugbounty-Writeups — categorized writeups github.com/devanshbatham/Awe… → Bug-Bounty-Beginner-Roadmap github.com/1ndianl33t/Bug-Bo… → Resources-for-Beginner-Bug-Bounty-Hunters (@NahamSec) github.com/nahamsec/Resource… #bugbountytips #resources #github #bugbounty #infosec #cybersecurity

“Security is too expensive to learn” People who don’t know about: PortSwigger Academy (fully free) TryHackMe (free tier) Hack The Box (free machines) SANS Reading Room (3,000 papers) HackTricks (entire pentesting wiki) MITRE ATT&CK (adversary tradecraft) The barrier isn’t money. It’s discipline.

5. HackTricks AI github.com/HackTricks-wiki/h… 6. Hacking Buddy GPT github.com/ipa-lab/hackingBu… 7. HexSec GPT github.com/hexsecteam/HexSec… 8. HexStrike AI github.com/0x4m4/hexstrike-a…

You can now request to update a HackTricks page! The new "Request Page Update" button of hacktricks.wiki and cloud.hacktricks.wiki allows you to request an AI agent to update the page with the latest hacking techniques!

🤖 𝟭𝟯 𝗔𝗜 𝗣𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴 𝗧𝗼𝗼𝗹𝘀 𝗬𝗼𝘂 𝗠𝘂𝘀𝘁 𝗞𝗻𝗼𝘄 𝗜𝗻 𝟮𝟬𝟮𝟲 ⚔️ ① 🤖 Cybersecurity AI (CAI) ② 🔍 DeepExploit ③ 🐍 Gyoithon ④ 🧠 HackGPT ⑤ 🛠️ HackTricks AI ⑥ 💻 Hacking Buddy GPT ⑦ 🛡️ HexSec GPT ⑧ ⚡ HexStrike AI ⑨ 🌌 Nebula ⑩ 🧬 NeuroSploit ⑪ 🤖 PentestAgent ⑫ 🧠 PentestAGI ⑬ 💻 PentestGPT #CyberSecurity #Pentesting #AI #EthicalHacking #RedTeam #InfoSec

This weekend we launch LHE — Linux Hardening Expert, an expert-level HackTricks Training certification focused on Linux privilege escalation, hardening, and real-world attack paths. It's an Expert course with Apprentice price 20% off (Pre-release offer) hacktricks-training.com/cour…

هذا الموقع اسمه HackTricks يعطيك خطوات واضحة كيف تبحث عن الثغرات في أي موقع أو شبكة وفيه شروحات ايضا وقسم خاص بال Pentesting Methodology hacktricks.wiki/en/index.htm…

New HackTricks tools at tools.hacktricks.wiki/: - Request to update outdated HT pages with the researcher tool - Use the API for RAG-ready best matches from hacktricks - Access the HT AI chatbot via API - ... The new Pentester plan is live, and every tool includes a free tier.

Mind maps and methodologies for bug bounty hunters: Methodologies: - TBHM: github.com/jhaddix/tbhm - OWASP WSTG: owasp.org/www-project-web-se… - HackTricks: book.hacktricks.wiki/ - PayloadsAllTheThings: github.com/swisskyrepo/Paylo… - HowToHunt: github.com/KathanP19/HowToHu… - Pentest Book: pentest-book.com/ - The Hacker Recipes: thehacker.recipes/ Mind maps: - Mind-Maps: github.com/imran-parray/Mind… - Assessment-mindset: github.com/dsopas/assessment… - Harsh Bothra XMind: xmind.app/share/_xmind_EPVIE… #bugbounty #bugbountytips #infosec #cybersecurity #pentesting #appsec

API Hacking for bug bounty hunters: Knowledge base - OWASP API Security Top 10 - owasp.org/API-Security/ - Hacking APIs by Corey J Ball - nostarch.com/hacking-apis - Black Hat GraphQL by Aleks & Farhi - nostarch.com/black-hat-graph… - OWASP API Security Cheat Sheet - cheatsheetseries.owasp.org/c… - Inon Shkedy's 31 Days of API Security Tips - github.com/inonshk/31-days-o… Training - APIsec University (free) - university.apisec.ai - PortSwigger Web Security Academy - portswigger.net/web-security… - HackTheBox Academy API Attacks - academy.hackthebox.com/cours… - PentesterLab API Badge - pentesterlab.com/badges/api Vulnerable labs - crAPI (OWASP) - github.com/OWASP/crAPI - vAPI - github.com/roottusk/vapi - VAmPI - github.com/erev0s/VAmPI - DVGA - github.com/dolevf/Damn-Vulne… - DVWS-node - github.com/snoopysecurity/dv… - Pixi - github.com/DevSlop/Pixi - Tiredful-API - github.com/payatu/Tiredful-A… - Websheep - github.com/lipp/websheep - OWASP Juice Shop - github.com/juice-shop/juice-… API specific tools - Kiterunner - github.com/assetnote/kiterun… - Arjun - github.com/s0md3v/Arjun - Postman - postman.com - Insomnia - insomnia.rest - Bruno - usebruno.com - mitmproxy - mitmproxy.org - Hetty - hetty.xyz - Akto - github.com/akto-api-security… - JWT_Tool - github.com/ticarpi/jwt_tool - jwt.io - jwt.io - Clairvoyance - github.com/nikitastupin/clai… - InQL - github.com/doyensec/inql - Param Miner - github.com/PortSwigger/param… - Swagger-EZ - github.com/RhinoSecurityLabs… Checklists and methodology - hAPI Hacker - hackingapis.com - HackTricks API Pentesting - book.hacktricks.xyz/network-… - API-Pentesting-Resources - github.com/riteshs4hu/API-Pe… - Shieldfy API Security Checklist - github.com/shieldfy/API-Secu… Wordlists - SecLists - github.com/danielmiessler/Se… - Kiterunner routes - github.com/assetnote/kiterun… - Assetnote wordlists - wordlists.assetnote.io #BugBounty #APISecurity #APIHacking #InfoSec #CyberSecurity #PenTesting #EthicalHacking #WebSecurity

HackTricks has become one of those resources you keep open in a permanent tab. Constantly updated with practical pentesting techniques, privilege escalation paths, and real-world attack methods. @hacktricks_live hacktricks.wiki/en/index.htm…

🐉 ¡Atención guerreros Z! 💻 Te presentamos el Capture The Flag (CTF) de Hackén IV, impulsado por @thehackerslabs. Demuestra tu poder, escala el ranking y conquista la cima. 🏆 ¡El podio tiene premio! 🏆 Los ganadores recibirán 1 certificación de @hacktricks_live, asignadas y elegidas por orden de clasificación del podio. No te quedes fuera de esta gran batalla. 🏆 Recuerda que las entradas se están agotando rápidamente. ¡Te esperamos para liberar tu potencial! Consigue la tuya aquí: enterticket.es/eventos/hacke… 🐉 El próximo 17-18 de abril, únete a la batalla en IFEJA Jaén. 💻 #HackTricks #HackénIV #Ciberseguridad #CTF #TheHackerLabs #Jaén

WebSocket Security Resources PortSwigger Web Security Academy - portswigger.net/web-security… WebSocket Security Checklist - hetmehta.com/resources/Webso… OWASP WebSocket Security Cheat Sheet - cheatsheetseries.owasp.org/c… HackTricks WebSockets - blog.1nf1n1ty.team/hacktrick… WebSocket Security Explained - christian-schneider.net/blog…

Web resources for bug bounty hunters: CyberChef - gchq.github.io/CyberChef crt[.]sh - crt.sh JWT[.]io - jwt.io VirusTotal - virustotal.com Shodan - shodan.io Censys - search.censys.io URLScan - urlscan.io SecurityHeaders - securityheaders.com SecurityTrails - securitytrails.com DNSDumpster - dnsdumpster.com Wayback Machine - web.archive.org HackTricks - book.hacktricks.wiki RevShells - revshells.com PortSwigger XSS Cheat Sheet - portswigger.net/web-security… OWASP Testing Guide - owasp.org/www-project-web-se… OWASP Cheat Sheets - cheatsheetseries.owasp.org BBRadar - bbradar.io BBScope - bbscope.com ProjectDiscovery Cloud - cloud.projectdiscovery.io Webhook[.]site - webhook.site Exploit-DB - exploit-db.com HTTPie - httpie.io FOFA - fofa.info Netlas - netlas.io FullHunt - fullhunt.io Whois Lookup - who.is BuiltWith - builtwith.com Wappalyzer - wappalyzer.com RapidDNS - rapiddns.io Pentest-Tools - pentest-tools.com Web-Check - web-check.xyz Bug Bounty Daily - bugbountydaily.com Bug Bounty Directory - bugbountydirectory.com Bug Bounty Forum - bugbounty.forum Payload Playground - payloadplayground.com SwiPixel - swipixel.com SecurityToolkits - securitytoolkits.com/bug-hun… Pentestbook Checklist - pentestbook.six2dez.com/othe… Drop the ones I'm missing or the ones you use the most #BugBounty #BugBountyTips #WebSec #AppSec #Cybersecurity

Some resources are useful. 𝗵𝗮𝗰𝗸𝘁𝗿𝗶𝗰𝗸𝘀.𝘄𝗶𝗸𝗶 becomes part of how you work. 🛡️ A practical knowledge base for: 🔹 Enum & PrivEsc 🔹 AD & Cloud 🔹 Attack Paths Built for 𝗽𝗿𝗮𝗰𝘁𝗶𝘁𝗶𝗼𝗻𝗲𝗿𝘀 to learn while doing. 🚀 #Cybersecurity #HackTricks #shiftavenue

25% OFF AWS courses (ARTE & ARTA) to celebrate our new AWS labs 🚀 🕒 Until April 12 (23:59 CET) Code: AWSUPGRADE 👉 hacktricks-training.com/ If you’ve been thinking about leveling up your cloud security skills — now’s the time. #AWS #Cloud #RedTeam #CyberSecurity #Hacktricks