diff --git a/.gitbook/assets/image (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1).png index ee23c3b512..0197610ce0 100644 Binary files a/.gitbook/assets/image (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1).png b/.gitbook/assets/image (1) (1).png index 0197610ce0..a05b0f3399 100644 Binary files a/.gitbook/assets/image (1) (1).png and b/.gitbook/assets/image (1) (1).png differ diff --git a/.gitbook/assets/image (1).png b/.gitbook/assets/image (1).png index a05b0f3399..ce8af1068d 100644 Binary files a/.gitbook/assets/image (1).png and b/.gitbook/assets/image (1).png differ diff --git a/.gitbook/assets/image (2) (1) (1).png b/.gitbook/assets/image (2) (1) (1).png index 372d616695..d1b61b8152 100644 Binary files a/.gitbook/assets/image (2) (1) (1).png and b/.gitbook/assets/image (2) (1) (1).png differ diff --git a/.gitbook/assets/image (2) (1).png b/.gitbook/assets/image (2) (1).png index d1b61b8152..4d17f2da42 100644 Binary files a/.gitbook/assets/image (2) (1).png and b/.gitbook/assets/image (2) (1).png differ diff --git a/.gitbook/assets/image (2).png b/.gitbook/assets/image (2).png index 4d17f2da42..54ee1fb931 100644 Binary files a/.gitbook/assets/image (2).png and b/.gitbook/assets/image (2).png differ diff --git a/.gitbook/assets/image (3) (1).png b/.gitbook/assets/image (3) (1).png index 2c2920a7ed..ee23c3b512 100644 Binary files a/.gitbook/assets/image (3) (1).png and b/.gitbook/assets/image (3) (1).png differ diff --git a/.gitbook/assets/image (3).png b/.gitbook/assets/image (3).png index ee23c3b512..a05b0f3399 100644 Binary files a/.gitbook/assets/image (3).png and b/.gitbook/assets/image (3).png differ diff --git a/.gitbook/assets/image.png b/.gitbook/assets/image.png index a05b0f3399..ce8af1068d 100644 Binary files a/.gitbook/assets/image.png and b/.gitbook/assets/image.png differ 
diff --git a/pentesting-ci-cd/supabase-security.md b/pentesting-ci-cd/supabase-security.md index b8ecb84fbb..5f264c2037 100644 --- a/pentesting-ci-cd/supabase-security.md +++ b/pentesting-ci-cd/supabase-security.md @@ -140,7 +140,7 @@ By **default** supabase will allow **new users to create accounts** on your proj However, these new accounts, by default, **will need to validate their email address** to be able to login into the account. It's possible to enable **"Allow anonymous sign-ins"** to allow people to login without verifying their email address. This could grant access to **unexpected data** (they get the roles `public` and `authenticated`).\ This is a very bad idea because supabase charges per active user so people could create users and login and supabase will charge for those: -
+
### Passwords & sessions diff --git a/pentesting-cloud/aws-security/aws-post-exploitation/aws-api-gateway-post-exploitation.md b/pentesting-cloud/aws-security/aws-post-exploitation/aws-api-gateway-post-exploitation.md index d73a6fd8f7..a27a3b2b3a 100644 --- a/pentesting-cloud/aws-security/aws-post-exploitation/aws-api-gateway-post-exploitation.md +++ b/pentesting-cloud/aws-security/aws-post-exploitation/aws-api-gateway-post-exploitation.md @@ -1,18 +1,19 @@ # AWS - API Gateway Post Exploitation +{% hint style="success" %} + Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ + Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) +
-Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! +Support HackTricks -Other ways to support HackTricks: - -* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! -* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** -* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+{% endhint %} ## API Gateway diff --git a/pentesting-cloud/gcp-security/gcp-basic-information/README.md b/pentesting-cloud/gcp-security/gcp-basic-information/README.md index fc58ecf9e1..169c3bfc71 100644 --- a/pentesting-cloud/gcp-security/gcp-basic-information/README.md +++ b/pentesting-cloud/gcp-security/gcp-basic-information/README.md @@ -29,7 +29,7 @@ Organization A virtual machine (called a Compute Instance) is a resource. A resource resides in a project, probably alongside other Compute Instances, storage buckets, etc. -

https://cloud.google.com/static/resource-manager/img/cloud-hierarchy.svg

+

https://cloud.google.com/static/resource-manager/img/cloud-hierarchy.svg

## **Projects Migration** diff --git a/pentesting-cloud/gcp-security/gcp-services/gcp-compute-instances-enum/gcp-vpc-and-networking.md b/pentesting-cloud/gcp-security/gcp-services/gcp-compute-instances-enum/gcp-vpc-and-networking.md index e3be3e7f1c..56a570f014 100644 --- a/pentesting-cloud/gcp-security/gcp-services/gcp-compute-instances-enum/gcp-vpc-and-networking.md +++ b/pentesting-cloud/gcp-security/gcp-services/gcp-compute-instances-enum/gcp-vpc-and-networking.md @@ -68,7 +68,7 @@ You can read here how to [**create a Hierarchical Firewall Policy**](https://clo ### Firewall Rules Evaluation -
+
1. Org: Firewall policies assigned to the Organization 2. Folder: Firewall policies assigned to the Folder diff --git a/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md b/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md index 106fd221e9..a95d010e08 100644 --- a/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md +++ b/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md @@ -30,7 +30,7 @@ Key Features: ### Logs flow -

https://betterstack.com/community/guides/logging/gcp-logging/

+

https://betterstack.com/community/guides/logging/gcp-logging/

Basically the sinks and log based metrics will device where a log should be stored. @@ -140,7 +140,7 @@ Example to check the logs of **`cloudresourcemanager`** (the one used to BF perm There aren't logs of **`testIamPermissions`**: -
+
### Post Exploitation
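Review bot: The nine `.gitbook/assets` PNGs at the top of the patch trade contents between names rather than gain new ones: `image (1) (1).png` goes from blob 0197610ce0 to a05b0f3399 while `image (1) (1) (1).png` takes 0197610ce0, and the same rotation runs through the `image (2)`, `image (3)` and `image.png` files. Any page that references one of these names and is not updated in this patch will now render a different screenshot, so please confirm every reference to the shuffled assets is covered, or give the files stable descriptive names so a re-export cannot reorder them.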
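Review bot: In the banner added to aws-api-gateway-post-exploitation.md, the first added line reads `Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**]` with no space after the colon, while the GCP line directly below it has one. Add the space so both lines render alike.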
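Review bot: In the gcp-basic-information/README.md hunk the figure caption is a bare URL (`https://cloud.google.com/static/resource-manager/img/cloud-hierarchy.svg`) on both the removed and the added side. Since the figure is being touched anyway, replace the caption with a short description of the resource hierarchy it shows and keep the URL as the source link, so the section still reads correctly when the image fails to load.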
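Review bot: The context line right after the changed figure in the `### Logs flow` hunk of gcp-logging-enum.md says the sinks and log based metrics "will device where a log should be stored"; "device" should be "decide". The line is untouched by this patch, but it sits next to the edit and is worth fixing in the same change.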
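Review bot: In the second gcp-logging-enum.md hunk (around line 140), the statement "There aren't logs of **`testIamPermissions`**:" ends in a colon and the only thing after it is the line this hunk changes, so the evidence for the claim lives entirely in that figure. Please state in text which log and filter were checked, so a defender reading the page can confirm the audit-coverage gap without depending on a screenshot that this patch alters.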