Matthew McCorkle

Day 10 - HackTricks - 100 tools in 100 days!

1 . Introduction
2 . What is HackTricks?
3 . Why use HackTricks?
4 . How to use HackTricks?
5 . Summary


This post is designed to introduce you to Carlos Polop’s book HackTricks.


1. Introduction

Welcome to the tenth blog post of 100 tools in 100 days.

Disclaimer: HackTricks is not a Kali or Parrot default tool.

HackTricks is a resource developed and combined by Carlos Polop. Below are links to his platforms:
LinkedIn
GitHub
Twitter
Discord

Not all information within HackTricks is owned by Carlos and he has given credit where it is due throughout the book.

Find HackTricks here.

HackTricks is not a tool in the sense that you cannot run or load this to perform an action.

However, HackTricks is a resource that is absolutely valuable to anyone in the information security realm.

Carlos Polop is the developer of the popular privilege escalation script suite PEASS. Check out his work on PEASS here.

He was a presenter at DEFCON in 2021 where he discussed PEASS and demonstrated the uses of the various PEAS from the suite. Click here to watch the video on YouTube.


2. What is HackTricks?

Hacktricks is a resource that can help a pentester develop their methodology during penetration testing. Below are some of the key topics Carlos has compiled and written information for.

Pentesting Methodology - Carlos gives an excellent example of Pentesting Methodology where he breaks down the process into 12 main steps.

Hardening - Carlos discusses hardening steps for Linux, MacOS, and Windows. These are all excellent resources for checking up on your system security and implementing safer procedures to harden your systems.

Pentesting - Carlos discusses in great detail a variety of pentesting processes on networks, websites, mobile devices, the cloud, and even hardware.

Reversing & Exploiting - Carlos discusses reversing procedures in-depth as well as various exploit tools used on all operating systems.

Cryptography & Steganography - Carlos discusses cryptography and steganography in-depth and the tools/information available to understand each of these subjects.


3. Why use HackTricks?

HackTricks is an excellent resource that can be used during pentesting to reference the types of exploits and vulnerabilities that may exist for a system or network you are trying to gain access to.

Training - this is an excellent tool for training and understanding how, why, and when to use certain pentesting techniques.

Capture the Flags - Use this during your CTF as a reference to help you achieve a foothold on the target.


4. How to use HackTricks?

Go to the HackTricks website here.

Which is also this URL:

https://book.hacktricks.xyz/welcome/readme


5. Summary

HackTricks is one of the best resources for referencing when conducting penetration testing.

Carlos Polop developed the resource on GitHub and offers it as an OpenSource tool to the community.

If you want to support Carlos Polop you can do so by subscribing to him here:

https://github.com/sponsors/carlospolop

Or purchasing swag from him here:

https://peass.creator-spring.com/

Or purchasing NFTs here:

https://opensea.io/collection/the-peass-family

Or purchasing the PDF of HackTricks here:

https://www.buymeacoffee.com/carlospolop/shop

Thanks for reading!

If you have suggestions for what tool to cover next, contact me!