maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

a

Browse Source
This commit is contained in:
carlospolop 2025-07-12 10:48:33 +02:00
parent c6ee4707ee
commit 23d3f5017d
43 changed files with 70 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/AI/AI-llm-architecture/0.-basic-llm-concepts.md
View File

@ -1,6 +1,6 @@
# 0. Basic LLM Concepts
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Pretraining
@ -300,4 +300,4 @@ During the backward pass:
- **Accuracy:** Provides exact derivatives up to machine precision.
- **Ease of Use:** Eliminates manual computation of derivatives.
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/1.-tokenizing.md
View File

@ -1,6 +1,6 @@
# 1. Tokenizing
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Tokenizing
@ -99,4 +99,4 @@ print(token_ids[:50])
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/2.-data-sampling.md
View File

@ -1,6 +1,6 @@
# 2. Data Sampling
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## **Data Sampling**
@ -241,4 +241,4 @@ tensor([[ 367, 2885, 1464, 1807],
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/3.-token-embeddings.md
View File

@ -1,6 +1,6 @@
# 3. Token Embeddings
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Token Embeddings
@ -219,4 +219,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256])
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/4.-attention-mechanisms.md
View File

@ -1,6 +1,6 @@
# 4. Attention Mechanisms
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Attention Mechanisms and Self-Attention in Neural Networks
@ -430,5 +430,5 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/5.-llm-architecture.md
View File

@ -1,6 +1,6 @@
# 5. LLM Architecture
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## LLM Architecture
@ -702,4 +702,4 @@ print("Output length:", len(out[0]))
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md
View File

@ -1,6 +1,6 @@
# 6. Pre-training & Loading models
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Text Generation
@ -971,4 +971,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md
View File

@ -1,6 +1,6 @@
# 7.0. LoRA Improvements in fine-tuning
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## LoRA Improvements
@ -64,4 +64,4 @@ def replace_linear_with_lora(model, rank, alpha):
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md
View File

@ -1,6 +1,6 @@
# 7.1. Fine-Tuning for Classification
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## What is
@ -117,4 +117,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https://
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md
View File

@ -1,6 +1,6 @@
# 7.2. Fine-Tuning to follow instructions
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
> [!TIP]
> The goal of this section is to show how to **fine-tune an already pre-trained model to follow instructions** rather than just generating text, for example, responding to tasks as a chat bot.
@ -107,4 +107,4 @@ You can find an example of the code to perform this fine tuning in [https://gith
- [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/AI/AI-llm-architecture/README.md
View File

@ -1,6 +1,6 @@
# LLM Training - Data Preparation
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
**These are my notes from the very recommended book** [**https://www.manning.com/books/build-a-large-language-model-from-scratch**](https://www.manning.com/books/build-a-large-language-model-from-scratch) **with some extra information.**
@ -99,4 +99,4 @@ You should start by reading this post for some basic concepts you should know ab
7.2.-fine-tuning-to-follow-instructions.md
{{#endref}}
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/binary-exploitation/arbitrary-write-2-exec/README.md
View File

@ -1,6 +1,6 @@
# Arbitrary Write 2 Exec
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md
View File

@ -52,4 +52,4 @@ Successful exploitation results in remote arbitrary code execution at user privi
- Apple October 2024 Security Update (patch shipping CVE-2024-44236)
https://support.apple.com/en-us/121564
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/binary-exploitation/array-indexing.md
View File

@ -20,4 +20,4 @@ However he you can find some nice **examples**:
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
View File

@ -123,4 +123,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/binary-exploitation/ios-exploiting.md
View File

@ -1,6 +1,6 @@
# iOS Exploiting
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Physical use-after-free
@ -213,4 +213,4 @@ void iosurface_kwrite64(uint64_t addr, uint64_t value) {
With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices).
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/binary-exploitation/libc-heap/README.md
View File

@ -1,6 +1,6 @@
# Libc Heap
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Heap Basics
@ -531,4 +531,4 @@ heap-memory-functions/heap-functions-security-checks.md
- [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/binary-exploitation/libc-heap/use-after-free/first-fit.md
View File

@ -66,4 +66,4 @@ d = malloc(20); // a
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md
View File

@ -60,4 +60,4 @@ This approach avoids direct file downloads and leverages familiar UI elements to
- From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
- Discord Custom Invite Link Documentation https://support.discord.com/hc/en-us/articles/115001542132-Custom-Invite-Link
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/generic-methodologies-and-resources/threat-modeling.md
View File

@ -1,6 +1,6 @@
# Threat Modeling
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Threat Modeling
@ -113,5 +113,5 @@ Now your finished model should look something like this. And this is how you mak
This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
View File

@ -173,4 +173,4 @@ Allow the process to **ask for all the TCC permissions**.
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/mobile-pentesting/android-app-pentesting/flutter.md
View File

@ -80,4 +80,4 @@ Flutter itself **ignores device proxy settings**. Easiest options:
- [https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/](https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/network-services-pentesting/1414-pentesting-ibmmq.md
View File

@ -364,4 +364,4 @@ CONTAINER ID IMAGE COMMAND CRE
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/network-services-pentesting/pentesting-ntp.md
View File

@ -195,4 +195,4 @@ Entry_2:
- Khronos/Chronos draft (time-shift mitigation)
- chronyc manual/examples for remote monitoring
- zgrab2 ntp module docs
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/network-services-pentesting/pentesting-web/angular.md
View File

@ -1,6 +1,6 @@
# Angular
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## The Checklist
@ -616,5 +616,5 @@ According to the W3C documentation, the `window.location` and `document.location
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/network-services-pentesting/pentesting-web/django.md
View File

@ -1,6 +1,6 @@
# Django
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Cache Manipulation to RCE
Django's default cache storage method is [Python pickles](https://docs.python.org/3/library/pickle.html), which can lead to RCE if [untrusted input is unpickled](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf). **If an attacker can gain write access to the cache, they can escalate this vulnerability to RCE on the underlying server**.
@ -76,4 +76,4 @@ Always fingerprint the exact framework version via the `X-Frame-Options` error p
* Django security release "Django 5.2.2, 5.1.10, 4.2.22 address CVE-2025-48432" 4 Jun 2025. citeturn0search0
* OP-Innovate: "Django releases security updates to address SQL injection flaw CVE-2024-42005" 11 Aug 2024. citeturn1search2
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/network-services-pentesting/pentesting-web/laravel.md
View File

@ -1,6 +1,6 @@
# Laravel
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
### Laravel SQLInjection

4
src/network-services-pentesting/pentesting-web/nodejs-express.md
View File

@ -1,6 +1,6 @@
# NodeJS Express
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Cookie Signature
@ -39,5 +39,5 @@ cookie-monster -e -f new_cookie.json -k secret
```
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/network-services-pentesting/pentesting-web/spring-actuators.md
View File

@ -68,4 +68,4 @@ Connection: close
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
View File

@ -56,4 +56,4 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/pentesting-web/idor.md
View File

@ -86,4 +86,4 @@ Combined with **default admin credentials** (`123456:123456`) that granted acces
* [McHire Chatbot Platform: Default Credentials and IDOR Expose 64M Applicants PII](https://ian.sh/mcdonalds)
* [OWASP Top 10 Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)
* [How to Find More IDORs Vickie Li](https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/pentesting-web/xss-cross-site-scripting/README.md
View File

@ -1,6 +1,6 @@
# XSS (Cross Site Scripting)
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Methodology

4
src/todo/hardware-hacking/fault_injection_attacks.md
View File

@ -1,6 +1,6 @@
# Fault Injection Attacks
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions in the circuit. This attacks opens a lot of possibilities for attacking electronic circuits. This attack is also referred as glitching of electronic circuits.
@ -8,4 +8,4 @@ There are a lot of methods and mediums for injecting fault into an electronic ci
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/hardware-hacking/side_channel_analysis.md
View File

@ -1,6 +1,6 @@
# Side Channel Analysis Attacks
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example:
@ -10,4 +10,4 @@ These attacks are very popular in case of leaking data such as private keys or f
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/industrial-control-systems-hacking/README.md
View File

@ -1,6 +1,6 @@
# Industrial Control Systems Hacking
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## About this Section
@ -18,5 +18,5 @@ These techniques can also be used to protect against attacks and blue teaming fo
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/industrial-control-systems-hacking/modbus.md
View File

@ -1,6 +1,6 @@
# The Modbus Protocol
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Introduction to Modbus Protocol
@ -34,6 +34,6 @@ Due to it's large scale use and lack of upgradations, attacking Modbus provides
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/investment-terms.md
View File

@ -1,6 +1,6 @@
# Investment Terms
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Spot
@ -71,4 +71,4 @@ However, the buyer will be paying some fee to the seller for opening the option
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

2
src/todo/radio-hacking/README.md
View File

@ -1,6 +1,6 @@
# Radio Hacking
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/radio-hacking/fissure-the-rf-framework.md
View File

@ -1,6 +1,6 @@
# FISSURE - The RF Framework
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
**Frequency Independent SDR-based Signal Understanding and Reverse Engineering**
@ -187,5 +187,5 @@ Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/rust-basics.md
View File

@ -1,6 +1,6 @@
# Rust Basics
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
### Generic Types
@ -320,5 +320,5 @@ fn main() {
```
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/todo/test-llms.md
View File

@ -1,6 +1,6 @@
# Test LLMs
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
## Run & train models locally
@ -52,5 +52,5 @@ It offers several sections like:
* **API Access:** Simple APIs for running models the enable developers to deploy and scale models effortlessly within their own applications.
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/windows-hardening/active-directory-methodology/TimeRoasting.md
View File

@ -1,6 +1,6 @@
# TimeRoasting
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
timeRoasting, the main cause is the outdated authentication mechanism left by Microsoft in its extension to NTP servers, known as MS-SNTP. In this mechanism, clients can directly use any computer account's Relative Identifier (RID), and the domain controller will use the computer account's NTLM hash (generated by MD4) as the key to generate the **Message Authentication Code (MAC)** of the response packet.
@ -39,4 +39,4 @@ sudo ./timeroast.py 10.0.0.42 | tee ntp-hashes.txt
hashcat -m 31300 ntp-hashes.txt
```
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}

4
src/windows-hardening/cobalt-strike.md
View File

@ -1,6 +1,6 @@
# Cobalt Strike
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}
### Listeners
@ -371,5 +371,5 @@ pscp -r root@kali:/opt/cobaltstrike/artifact-kit/dist-pipe .
```
{{#include /banners/hacktricks-training.md}}
{{#include /src/banners/hacktricks-training.md}}