Merge branch 'master' into update_Strategies_for_Analyzing_Native_Code_in_Android_Ap_20250916_124743

Author: carlospolop

.github/workflows/auto_merge_approved_prs.yml

@@ -2,7 +2,7 @@ name: Auto Merge Approved PRs
 
 on:
   schedule:
-    - cron: '0 */2 * * *'  # Every 2 hours
+    - cron: '0 */1 * * *'  # Every 1 hour
   workflow_dispatch:  # Allow manual triggering
 
 permissions:
@@ -15,6 +15,17 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.PAT_TOKEN }}
+
+      - name: Configure git
+        run: |
+          git config --global user.email "action@github.com"
+          git config --global user.name "GitHub Action"
+
       - name: Check for running workflows
         id: check_workflows
         run: |
@@ -93,6 +104,11 @@ jobs:
             if [ "$has_merge_comment" = true ]; then
               echo "Attempting to merge PR #$pr_number..."
 
+              # Get PR details including head branch
+              pr_details=$(gh pr view "$pr_number" --json headRefName,baseRefName --repo "$GITHUB_REPOSITORY")
+              head_branch=$(echo "$pr_details" | jq -r '.headRefName')
+              base_branch=$(echo "$pr_details" | jq -r '.baseRefName')
+
               # --- Polling for non-UNKNOWN mergeable status ---
               max_retries=10
               retry=0
@@ -118,6 +134,8 @@ jobs:
                 else
                   echo "Failed to merge PR #$pr_number: $pr_title"
                 fi
+              elif [ "$pr_mergeable" = "CONFLICTED" ] || [ "$pr_mergeable" = "CONFLICTING" ]; then
+                echo "PR #$pr_number has conflicts. Skipping auto-merge so it can be resolved manually."
               else
                 echo "PR #$pr_number is not mergeable (status: $pr_mergeable)"
               fi

.github/workflows/build_master.yml

@@ -35,60 +35,38 @@ jobs:
       - name: Build mdBook
         run: MDBOOK_BOOK__LANGUAGE=en mdbook build || (echo "Error logs" && cat hacktricks-preprocessor-error.log && echo "" && echo "" && echo "Debug logs" && (cat hacktricks-preprocessor.log | tail -n 20) && exit 1)
 
-      - name: Update searchindex in repo (purge history, keep current on HEAD)
+      - name: Install GitHub CLI
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gh
+      
+      - name: Publish search index release asset
         shell: bash
+        env:
+          PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
         run: |
           set -euo pipefail
 
-          ls -la
-          ls -la book
-
-          git config --global --add safe.directory /__w/hacktricks/hacktricks
-          git config --global user.email "build@example.com"
-          git config --global user.name "Build master"
-          git config pull.rebase false
-
-          # Ensure we're on the target branch and up to date
-          git fetch origin
-          git reset --hard origin/master
+          ASSET="book/searchindex.js"
+          TAG="searchindex-en"
+          TITLE="Search Index (en)"
 
-          # Choose the file to keep at HEAD:
-          # 1) Prefer freshly built version from book/
-          # 2) Fallback to the file currently at HEAD (if it exists)
-          HAS_FILE=0
-          if [ -f "book/searchindex.js" ]; then
-            cp "book/searchindex.js" /tmp/sidx.js
-            HAS_FILE=1
-          elif git cat-file -e "HEAD:searchindex.js" 2>/dev/null; then
-            git show "HEAD:searchindex.js" > /tmp/sidx.js
-            HAS_FILE=1
+          if [ ! -f "$ASSET" ]; then
+            echo "Expected $ASSET to exist after build" >&2
+            exit 1
           fi
 
-          # Skip if there's nothing to purge AND nothing to keep
-          if [ "$HAS_FILE" = "1" ] || git rev-list -n 1 HEAD -- "searchindex.js" >/dev/null 2>&1; then
-            # Fail early if working tree is dirty (avoid confusing rewrites)
-            git diff --quiet || { echo "Working tree has uncommitted changes; aborting purge." >&2; exit 1; }
-
-            # Install git-filter-repo and ensure it's on PATH
-            python -m pip install --quiet --user git-filter-repo
-            export PATH="$HOME/.local/bin:$PATH"
-
-            # Rewrite ONLY the current branch, dropping all historical blobs of searchindex.js
-            git filter-repo --force --path "searchindex.js" --invert-paths --refs "$(git symbolic-ref -q HEAD)"
-
-            # Re-add the current version on top of rewritten history (keep it in HEAD)
-            if [ "$HAS_FILE" = "1" ]; then
-              mv /tmp/sidx.js "searchindex.js"
-              git add "searchindex.js"
-              git commit -m "Update searchindex (purged history; keep current)"
-            else
-              echo "No current searchindex.js to re-add after purge."
-            fi
+          TOKEN="${PAT_TOKEN:-${GITHUB_TOKEN:-}}"
+          if [ -z "$TOKEN" ]; then
+            echo "No token available for GitHub CLI" >&2
+            exit 1
+          fi
+          export GH_TOKEN="$TOKEN"
 
-            # Safer force push (only updates if remote hasn't advanced)
-            git push --force-with-lease
+          if ! gh release view "$TAG" >/dev/null 2>&1; then
+            gh release create "$TAG" "$ASSET" --title "$TITLE" --notes "Automated search index build for master" --repo "$GITHUB_REPOSITORY"
           else
-            echo "Nothing to purge; skipping."
+            gh release upload "$TAG" "$ASSET" --clobber --repo "$GITHUB_REPOSITORY"
           fi
 
 

.github/workflows/translate_all.yml

@@ -65,7 +65,7 @@ jobs:
       - name: Update and download scripts
         run: |
           sudo apt-get update
-          sudo apt-get install wget -y
+          sudo apt-get install -y wget gh
           mkdir scripts
           cd scripts
           wget -O get_and_save_refs.py https://raw.githubusercontent.com/HackTricks-wiki/hacktricks-cloud/master/scripts/get_and_save_refs.py
@@ -123,57 +123,35 @@ jobs:
           git pull
           MDBOOK_BOOK__LANGUAGE=$BRANCH mdbook build || (echo "Error logs" && cat hacktricks-preprocessor-error.log && echo "" && echo "" && echo "Debug logs" && (cat hacktricks-preprocessor.log | tail -n 20) && exit 1)
       
-      - name: Update searchindex.js in repo (purge history, keep current on HEAD)
+      - name: Publish search index release asset
         shell: bash
+        env:
+          PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
         run: |
           set -euo pipefail
 
-          # Be explicit about workspace trust (avoids "dubious ownership")
-          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          ASSET="book/searchindex.js"
+          TAG="searchindex-${BRANCH}"
+          TITLE="Search Index (${BRANCH})"
 
-          git checkout "$BRANCH"
-          git fetch origin "$BRANCH" --quiet
-          git pull --ff-only
-
-          # Choose the file to keep at HEAD:
-          # 1) Prefer freshly built version from book/
-          # 2) Fallback to the file currently at HEAD (if it exists)
-          HAS_FILE=0
-          if [ -f "book/searchindex.js" ]; then
-            cp "book/searchindex.js" /tmp/sidx.js
-            HAS_FILE=1
-          elif git cat-file -e "HEAD:searchindex.js" 2>/dev/null; then
-            git show "HEAD:searchindex.js" > /tmp/sidx.js
-            HAS_FILE=1
+          if [ ! -f "$ASSET" ]; then
+            echo "Expected $ASSET to exist after build" >&2
+            exit 1
           fi
 
-          # Skip if there's nothing to purge AND nothing to keep
-          if [ "$HAS_FILE" = "1" ] || git rev-list -n 1 "$BRANCH" -- "searchindex.js" >/dev/null 2>&1; then
-            # **Fail early if working tree is dirty** (prevents confusing filter results)
-            git diff --quiet || { echo "Working tree has uncommitted changes; aborting purge." >&2; exit 1; }
-
-            # Make sure git-filter-repo is callable via `git filter-repo`
-            python -m pip install --quiet --user git-filter-repo
-            export PATH="$HOME/.local/bin:$PATH"
-
-            # Rewrite ONLY this branch, dropping all historical blobs of searchindex.js
-            git filter-repo --force --path "searchindex.js" --invert-paths --refs "refs/heads/$BRANCH"
-
-            # Re-add the current version on top of rewritten history (keep it in HEAD)
-            if [ "$HAS_FILE" = "1" ]; then
-              mv /tmp/sidx.js "searchindex.js"
-              git add "searchindex.js"
-              git commit -m "Update searchindex (purged history; keep current)"
-            else
-              echo "No current searchindex.js to re-add after purge."
-            fi
+          TOKEN="${PAT_TOKEN:-${GITHUB_TOKEN:-}}"
+          if [ -z "$TOKEN" ]; then
+            echo "No token available for GitHub CLI" >&2
+            exit 1
+          fi
+          export GH_TOKEN="$TOKEN"
 
-            # **Safer force push** (prevents clobbering unexpected remote updates)
-            git push --force-with-lease origin "$BRANCH"
+          if ! gh release view "$TAG" >/dev/null 2>&1; then
+            gh release create "$TAG" "$ASSET" --title "$TITLE" --notes "Automated search index build for $BRANCH" --repo "$GITHUB_REPOSITORY"
           else
-            echo "Nothing to purge; skipping."
+            gh release upload "$TAG" "$ASSET" --clobber --repo "$GITHUB_REPOSITORY"
           fi
-      
+
       # Login in AWs
       - name: Configure AWS credentials using OIDC
         uses: aws-actions/configure-aws-credentials@v3

.gitignore

@@ -11,3 +11,4 @@ book
 book/*
 hacktricks-preprocessor.log
 hacktricks-preprocessor-error.log
+searchindex.js

src/README.md

@@ -222,6 +222,21 @@ Stay informed and up to date with the latest in cybersecurity by visiting our [*
 https://www.lasttowersolutions.com/
 {{#endref}}
 
+---
+
+### [K8Studio - The Smarter GUI to Manage Kubernetes.](https://k8studio.io/)
+
+<figure><img src="images/k8studio.png" alt="k8studio logo"><figcaption></figcaption></figure>
+
+K8Studio IDE empowers DevOps, DevSecOps, and developers to manage, monitor, and secure Kubernetes clusters efficiently. Leverage our AI-driven insights, advanced security framework, and intuitive CloudMaps GUI to visualize your clusters, understand their state, and act with confidence.
+
+Moreover, K8Studio is **compatible with all major kubernetes distributions** (AWS, GCP, Azure, DO, Rancher, K3s, Openshift and more).
+
+{{#ref}}
+https://k8studio.io/
+{{#endref}}
+
+
 ---
 
 ## License & Disclaimer

src/SUMMARY.md

@@ -37,6 +37,7 @@
   - [Mobile Phishing Malicious Apps](generic-methodologies-and-resources/phishing-methodology/mobile-phishing-malicious-apps.md)
   - [Phishing Files & Documents](generic-methodologies-and-resources/phishing-methodology/phishing-documents.md)
 - [Basic Forensic Methodology](generic-methodologies-and-resources/basic-forensic-methodology/README.md)
+  - [Adaptixc2 Config Extraction And Ttps](generic-methodologies-and-resources/basic-forensic-methodology/adaptixc2-config-extraction-and-ttps.md)
   - [Baseline Monitoring](generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md)
   - [Anti-Forensic Techniques](generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md)
   - [Docker Forensics](generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md)
@@ -58,6 +59,7 @@
     - [Decompile compiled python binaries (exe, elf) - Retreive from .pyc](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md)
     - [Browser Artifacts](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md)
     - [Deofuscation vbs (cscript.exe)](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
+    - [Discord Cache Forensics](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/discord-cache-forensics.md)
     - [Local Cloud Storage](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md)
     - [Office file analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md)
     - [PDF File analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md)
@@ -81,6 +83,7 @@
   - [Basic Python](generic-methodologies-and-resources/python/basic-python.md)
 - [Threat Modeling](generic-methodologies-and-resources/threat-modeling.md)
 - [Blockchain & Crypto](blockchain/blockchain-and-crypto-currencies/README.md)
+  - [Defi/AMM Hook Precision](blockchain/blockchain-and-crypto-currencies/defi-amm-hook-precision.md)
 - [Lua Sandbox Escape](generic-methodologies-and-resources/lua/bypass-lua-sandboxes/README.md)
 
 # 🧙‍♂️ Generic Hacking
@@ -129,6 +132,7 @@
     - [Seccomp](linux-hardening/privilege-escalation/docker-security/seccomp.md)
     - [Weaponizing Distroless](linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md)
   - [Escaping from Jails](linux-hardening/privilege-escalation/escaping-from-limited-bash.md)
+  - [Posix Cpu Timers Toctou Cve 2025 38352](linux-hardening/privilege-escalation/linux-kernel-exploitation/posix-cpu-timers-toctou-cve-2025-38352.md)
   - [euid, ruid, suid](linux-hardening/privilege-escalation/euid-ruid-suid.md)
   - [Interesting Groups - Linux Privesc](linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md)
     - [lxd/lxc Group - Privilege escalation](linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md)
@@ -238,7 +242,6 @@
 - [Windows Local Privilege Escalation](windows-hardening/windows-local-privilege-escalation/README.md)
   - [Abusing Auto Updaters And Ipc](windows-hardening/windows-local-privilege-escalation/abusing-auto-updaters-and-ipc.md)
   - [Arbitrary Kernel Rw Token Theft](windows-hardening/windows-local-privilege-escalation/arbitrary-kernel-rw-token-theft.md)
-  - [Dll Hijacking](windows-hardening/windows-local-privilege-escalation/dll-hijacking.md)
   - [Abusing Tokens](windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md)
   - [Access Tokens](windows-hardening/windows-local-privilege-escalation/access-tokens.md)
   - [ACLs - DACLs/SACLs/ACEs](windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md)
@@ -353,6 +356,7 @@
     - [Frida Tutorial 3](mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md)
     - [Objection Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md)
   - [Google CTF 2018 - Shall We Play a Game?](mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md)
+  - [In Memory Jni Shellcode Execution](mobile-pentesting/android-app-pentesting/in-memory-jni-shellcode-execution.md)
   - [Insecure In App Update Rce](mobile-pentesting/android-app-pentesting/insecure-in-app-update-rce.md)
   - [Install Burp Certificate](mobile-pentesting/android-app-pentesting/install-burp-certificate.md)
   - [Intent Injection](mobile-pentesting/android-app-pentesting/intent-injection.md)
@@ -487,6 +491,7 @@
 - [88tcp/udp - Pentesting Kerberos](network-services-pentesting/pentesting-kerberos-88/README.md)
   - [Harvesting tickets from Windows](network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md)
   - [Harvesting tickets from Linux](network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md)
+  - [Wsgi](network-services-pentesting/pentesting-web/wsgi.md)
 - [110,995 - Pentesting POP](network-services-pentesting/pentesting-pop.md)
 - [111/TCP/UDP - Pentesting Portmapper](network-services-pentesting/pentesting-rpcbind.md)
 - [113 - Pentesting Ident](network-services-pentesting/113-pentesting-ident.md)
@@ -566,6 +571,7 @@
 - [15672 - Pentesting RabbitMQ Management](network-services-pentesting/15672-pentesting-rabbitmq-management.md)
 - [24007,24008,24009,49152 - Pentesting GlusterFS](network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md)
 - [27017,27018 - Pentesting MongoDB](network-services-pentesting/27017-27018-mongodb.md)
+- [32100 Udp - Pentesting Pppp Cs2 P2p Cameras](network-services-pentesting/32100-udp-pentesting-pppp-cs2-p2p-cameras.md)
 - [44134 - Pentesting Tiller (Helm)](network-services-pentesting/44134-pentesting-tiller-helm.md)
 - [44818/UDP/TCP - Pentesting EthernetIP](network-services-pentesting/44818-ethernetip.md)
 - [47808/udp - Pentesting BACNet](network-services-pentesting/47808-udp-bacnet.md)
@@ -725,6 +731,7 @@
   - [SOME - Same Origin Method Execution](pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md)
   - [Sniff Leak](pentesting-web/xss-cross-site-scripting/sniff-leak.md)
   - [Steal Info JS](pentesting-web/xss-cross-site-scripting/steal-info-js.md)
+  - [Wasm Linear Memory Template Overwrite Xss](pentesting-web/xss-cross-site-scripting/wasm-linear-memory-template-overwrite-xss.md)
   - [XSS in Markdown](pentesting-web/xss-cross-site-scripting/xss-in-markdown.md)
 - [XSSI (Cross-Site Script Inclusion)](pentesting-web/xssi-cross-site-script-inclusion.md)
 - [XS-Search/XS-Leaks](pentesting-web/xs-search/README.md)
@@ -768,7 +775,7 @@
     - [Stack Shellcode - arm64](binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md)
   - [Stack Pivoting - EBP2Ret - EBP chaining](binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md)
   - [Uninitialized Variables](binary-exploitation/stack-overflow/uninitialized-variables.md)
-- [ROP & JOP](binary-exploitation/rop-return-oriented-programing/README.md)
+  - [ROP & JOP](binary-exploitation/rop-return-oriented-programing/README.md)
   - [BROP - Blind Return Oriented Programming](binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md)
   - [Ret2csu](binary-exploitation/rop-return-oriented-programing/ret2csu.md)
   - [Ret2dlresolve](binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md)
@@ -838,8 +845,14 @@
   - [WWW2Exec - \_\_malloc_hook & \_\_free_hook](binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md)
 - [Common Exploiting Problems](binary-exploitation/common-exploiting-problems.md)
 - [Linux kernel exploitation - toctou](binary-exploitation/linux-kernel-exploitation/posix-cpu-timers-toctou-cve-2025-38352.md)
+- [PS5 compromission](binary-exploitation/freebsd-ptrace-rfi-vm_map-prot_exec-bypass-ps5.md)
 - [Windows Exploiting (Basic Guide - OSCP lvl)](binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md)
-- [iOS Exploiting](binary-exploitation/ios-exploiting.md)
+- [iOS Exploiting](binary-exploitation/ios-exploiting/README.md)
+  - [ios CVE-2020-27950-mach_msg_trailer_t](binary-exploitation/ios-exploiting/CVE-2020-27950-mach_msg_trailer_t.md)
+  - [ios CVE-2021-30807-IOMobileFrameBuffer](binary-exploitation/ios-exploiting/CVE-2021-30807-IOMobileFrameBuffer.md)
+  - [ios Corellium](binary-exploitation/ios-exploiting/ios-corellium.md)
+  - [ios Heap Exploitation](binary-exploitation/ios-exploiting/ios-example-heap-exploit.md)
+  - [ios Physical UAF - IOSurface](binary-exploitation/ios-exploiting/ios-physical-uaf-iosurface.md)
 
 # 🤖 AI
 - [AI Security](AI/README.md)
@@ -889,7 +902,6 @@
 - [RC4 - Encrypt\&Decrypt](crypto-and-stego/rc4-encrypt-and-decrypt.md)
 - [Stego Tricks](crypto-and-stego/stego-tricks.md)
 - [Esoteric languages](crypto-and-stego/esoteric-languages.md)
-- [Blockchain & Crypto Currencies](crypto-and-stego/blockchain-and-crypto-currencies.md)
 
 # ✍️ TODO
 
@@ -931,4 +943,4 @@
 - [Stealing Sensitive Information Disclosure from a Web](todo/stealing-sensitive-information-disclosure-from-a-web.md)
 - [Post Exploitation](todo/post-exploitation.md)
 - [Investment Terms](todo/investment-terms.md)
-- [Cookies Policy](todo/cookies-policy.md)
+- [Cookies Policy](todo/cookies-policy.md)