Merge branch 'master' into ad-enhance

1911-pentesting-fox.md

@@ -2,15 +2,15 @@
 
 And more services:
 
-ubiquiti-discover udp "Ubiquiti Networks Device" 
+ubiquiti-discover udp "Ubiquiti Networks Device" 
 
 dht udp "DHT Nodes"
 
 5060 udp sip "SIP/"
 
 ![](<.gitbook/assets/image (273).png>)
 
-![](<.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (2).png>)
+![](<.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (2) (1).png>)
 
 InfluxDB
 

README.md

@@ -30,7 +30,7 @@ If you want to **share some tricks with the community** you can also submit **pu
 
 ### [STM Cyber](https://www.stmcyber.com)
 
-![](<.gitbook/assets/image (642) (1).png>)
+![](<.gitbook/assets/image (642) (1) (1).png>)
 
 [**STM Cyber**](https://www.stmcyber.com) is a great cybersecurity company whose slogan is **HACK THE UNHACKABLE**. They perform their own research and develop their own hacking tools to **offer several valuable cybersecurity services** like pentestings, Red teams and training.
 

SUMMARY.md

@@ -190,13 +190,13 @@
 * [Pentesting Network](pentesting/pentesting-network/README.md)
   * [Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks](pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md)
   * [Spoofing SSDP and UPnP Devices with EvilSSDP](pentesting/pentesting-network/spoofing-ssdp-and-upnp-devices.md)
-  * [Wifi Attacks](pentesting/pentesting-network/wifi-attacks/README.md)
-    * [Evil Twin EAP-TLS](pentesting/pentesting-network/wifi-attacks/evil-twin-eap-tls.md)
   * [Pentesting IPv6](pentesting/pentesting-network/pentesting-ipv6.md)
   * [Nmap Summary (ESP)](pentesting/pentesting-network/nmap-summary-esp.md)
   * [Network Protocols Explained (ESP)](pentesting/pentesting-network/network-protocols-explained-esp.md)
   * [IDS and IPS Evasion](pentesting/pentesting-network/ids-evasion.md)
   * [DHCPv6](pentesting/pentesting-network/dhcpv6.md)
+* [Pentesting Wifi](pentesting/pentesting-wifi/README.md)
+  * [Evil Twin EAP-TLS](pentesting/pentesting-wifi/evil-twin-eap-tls.md)
 * [Pentesting JDWP - Java Debug Wire Protocol](pentesting/pentesting-jdwp-java-debug-wire-protocol.md)
 * [Pentesting Printers](pentesting/pentesting-printers/README.md)
   * [Accounting bypass](pentesting/pentesting-printers/accounting-bypass.md)
@@ -458,6 +458,7 @@
   * [XSS Tools](pentesting-web/xss-cross-site-scripting/xss-tools.md)
   * [Iframes in XSS and CSP](pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md)
   * [Other JS Tricks](pentesting-web/xss-cross-site-scripting/other-js-tricks.md)
+  * [Steal Info JS](pentesting-web/xss-cross-site-scripting/steal-info-js.md)
 * [XSSI (Cross-Site Script Inclusion)](pentesting-web/xssi-cross-site-script-inclusion.md)
 * [XS-Search](pentesting-web/xs-search.md)
 
@@ -530,6 +531,10 @@
     * [Monitoring with Falco](pentesting/pentesting-kubernetes/kubernetes-hardening/monitoring-with-falco.md)
     * [Kubernetes SecurityContext(s)](pentesting/pentesting-kubernetes/kubernetes-hardening/kubernetes-securitycontext-s.md)
     * [Kubernetes NetworkPolicies](pentesting/pentesting-kubernetes/kubernetes-hardening/kubernetes-networkpolicies.md)
+* [Concourse](cloud-security/concourse/README.md)
+  * [Concourse Architecture](cloud-security/concourse/concourse-architecture.md)
+  * [Concourse Lab Creation](cloud-security/concourse/concourse-lab-creation.md)
+  * [Concourse Enumeration & Attacks](cloud-security/concourse/concourse-enumeration-and-attacks.md)
 * [Cloud Security Review](cloud-security/cloud-security-review.md)
 * [AWS Security](cloud-security/aws-security.md)
 
@@ -625,10 +630,19 @@
 * [More Tools](todo/more-tools.md)
 * [MISC](todo/misc.md)
 * [Pentesting DNS](todo/pentesting-dns.md)
-* [Hardware Hacking](todo/hardware-hacking.md)
+* [Hardware Hacking](todo/hardware-hacking/README.md)
+  * [I2C](todo/hardware-hacking/i2c.md)
+  * [UART](todo/hardware-hacking/uart.md)
+  * [Radio](todo/hardware-hacking/radio.md)
+  * [JTAG](todo/hardware-hacking/jtag.md)
+  * [SPI](todo/hardware-hacking/spi.md)
 
 ***
 
+* [Radio Hacking](radio-hacking/README.md)
+  * [Pentesting RFID](radio-hacking/pentesting-rfid.md)
+  * [Low-Power Wide Area Network](radio-hacking/low-power-wide-area-network.md)
+  * [Pentesting BLE - Bluetooth Low Energy](radio-hacking/pentesting-ble-bluetooth-low-energy.md)
 * [Burp Suite](burp-suite.md)
 * [Other Web Tricks](other-web-tricks.md)
 * [Interesting HTTP](interesting-http.md)

about-the-author.md

@@ -10,15 +10,13 @@ I also wants to say **thanks to all the people that share cyber-security related
 
 ### BIO
 
-If for some weird reason you are interested in knowing about my bio here you have a summary:
-
-* I've worked in different companies as sysadmin, developer and **pentester**.
+* I've worked in different companies as sysadmin, developer and **pentester**
 * I'm a **Telecommunications Engineer** with a **Masters** in **Cybersecurity**
-* Relevant certifications: **OSCP, OSWE**, **CRTP, eMAPT, eWPTXv2** and Professional Drone pilot.
-* I speak **Spanish** and **English** and little of French (some day I will improve that).
+* Relevant certifications: **OSCP, OSWE**, **CRTP, eMAPT, eWPTXv2** and Professional Drone pilot
+* I speak **Spanish** and **English** and little of French (some day I will improve that)
 * I'm a **CTF player**
 * I'm very proud of this **book** and my **PEASS** (I'm talking about these peass: [https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite))
-* And I really enjoy researching, playing CTFs, pentesting and everything related to **hacking**.
+* And I really enjoy researching, playing CTFs, pentesting and everything related to **hacking**
 
 ### Support HackTricks
 

cloud-security/concourse/README.md

@@ -0,0 +1,31 @@
+# Concourse
+
+**Concourse allows you to build pipelines to automatically run tests, actions and build images whenever you need it (time based, when something happens...)**
+
+## Concourse Architecture
+
+Learn how the concourse environment is structured in:
+
+{% content-ref url="concourse-architecture.md" %}
+[concourse-architecture.md](concourse-architecture.md)
+{% endcontent-ref %}
+
+## Run Concourse Locally
+
+Learn how you can run a concourse environment locally to do your own tests in:
+
+{% content-ref url="concourse-lab-creation.md" %}
+[concourse-lab-creation.md](concourse-lab-creation.md)
+{% endcontent-ref %}
+
+## Enumerate & Attack Concourse
+
+Learn how you can enumerate the concourse environment and abuse it in:
+
+{% content-ref url="concourse-enumeration-and-attacks.md" %}
+[concourse-enumeration-and-attacks.md](concourse-enumeration-and-attacks.md)
+{% endcontent-ref %}
+
+## References
+
+* [https://concourse-ci.org/internals.html#architecture-worker](https://concourse-ci.org/internals.html#architecture-worker)

cloud-security/concourse/concourse-architecture.md

@@ -0,0 +1,26 @@
+# Concourse Architecture
+
+## Architecture
+
+![](<../../.gitbook/assets/image (651).png>)
+
+### ATC: web UI & build scheduler
+
+The ATC is the heart of Concourse. It runs the **web UI and API** and is responsible for all pipeline **scheduling**. It **connects to PostgreSQL**, which it uses to store pipeline data (including build logs).
+
+The [checker](https://concourse-ci.org/checker.html)'s responsibility is to continously checks for new versions of resources. The [scheduler](https://concourse-ci.org/scheduler.html) is responsible for scheduling builds for a job and the [build tracker](https://concourse-ci.org/build-tracker.html) is responsible for running any scheduled builds. The [garbage collector](https://concourse-ci.org/garbage-collector.html) is the cleanup mechanism for removing any unused or outdated objects, such as containers and volumes.
+
+### TSA: worker registration & forwarding
+
+The TSA is a **custom-built SSH server** that is used solely for securely **registering** [**workers**](https://concourse-ci.org/internals.html#architecture-worker) with the [ATC](https://concourse-ci.org/internals.html#component-atc).
+
+The TSA by **default listens on port `2222`**, and is usually colocated with the [ATC](https://concourse-ci.org/internals.html#component-atc) and sitting behind a load balancer.
+
+The **TSA implements CLI over the SSH connection,** supporting [**these commands**](https://concourse-ci.org/internals.html#component-tsa).
+
+### Workers
+
+In order to execute tasks concourse must have some workers. These workers **register themselves** via the [TSA](https://concourse-ci.org/internals.html#component-tsa) and run the services [**Garden**](https://github.com/cloudfoundry-incubator/garden) and [**Baggageclaim**](https://github.com/concourse/baggageclaim).
+
+* **Garden**: This is the **Container Manage AP**I, usually run in **port 7777** via **HTTP**.
+* **Baggageclaim**: This is the **Volume Management API**, usually run in **port 7788** via **HTTP**.