Skip to main content

Who to thank

Everything in this hub is fueled by other people’s work. If a writeup helped you solve a machine, subscribe to their channels and/or buy them a coffee, not this site.

Whitelisted authors

S4vitar

Marcelo Vázquez. Spanish-language videos, step by step, with deep explanation of the why behind each technique.

El Pingüino de Mario

Spanish-language videos covering each attack vector with a clear pedagogical approach.

0xdf

The gold standard for written walkthroughs in English. Clean structure, clear screenshots, copyable commands.

IppSec

YouTube videos covering virtually every retired machine. The ippsec.rocks search is essential.

Proposing a new author

Edit scripts/config.py, add the entry to the AUTHORS dict with its domains, and open a PR explaining why their material is consistent in quality. Please, no “random Medium list”.

Sources behind the professional content

The sections Methodology, Glossary, AD CS, Cloud, LLM Security, Red Team, and Bug Bounty were built from research at the following sources (cited inline where relevant):

PortSwigger Research

James Kettle: Smashing the state machine (race conditions), HTTP/2 The Sequel is Always Worse, Web Security Academy.

SpecterOps

Will Schroeder, Lee Christensen — Certified Pre-Owned (AD CS), BloodHound, Certify, Mythic, Empire.

Microsoft Threat Intelligence

Storm-2372 device code phishing, EchoLeak (CVE-2025-32711), Defender for Identity AD CS sensor.

MITRE ATT&CK

Tactics and techniques framework. Mandatory mapping in 2026 professional reports.

OWASP

Top 10 web, Top 10 API, Top 10 LLM 2025, Cheat Sheet Series, ASVS, Testing Guide.

HackTricks

Community pentesting wiki. Mandatory lookup before any AD/Linux/Cloud technique.

Mandiant / Google Threat Intel

M-Trends 2025, UNC2165 / RansomHub cases, AD CS defense.

Rhino Security Labs

Pacu, AWS IAM Privilege Escalation paths, GCPBucketBrute, GCP IAM PrivEsc.

ProjectDiscovery

subfinder, httpx, nuclei, dnsx — de-facto stack in bug bounty 2026.

OffSec / Hack The Box

PEN-200, OSCP+ 2024, HTB Academy, retired machines. Unaffiliated.

TrustedSec / harmj0y / ly4k

Certipy, Certify, EKUwu (CVE-2024-49019), continuous AD CS research.

OWASP Gen AI Project

Top 10 for LLM Applications 2025 — basis of the LLM Security section.

Other authors worth citing

  • Dirk-jan Mollema (dirkjanm.io) — ROADtools, mitm6, Pass-the-PRT, NTLM Relay + delegation research.
  • Oliver Lyak (ly4k) — original Certipy, CVE-2022-26923 Certifried.
  • Justin Bollinger (TrustedSec) — EKUwu (CVE-2024-49019).
  • mr.d0x — Browser-in-the-Browser attack disclosure.
  • Florian Roth (Neo23x0) — YARA signature-base, DFIR research.
  • chvancooten — NimPlant.
  • C5pider — Havoc framework.
  • kgretzky — Evilginx2.
  • Aim Labs (Aim Security) — EchoLeak disclosure.
Any omission is unintentional — links to specific sources are on each content page. If you contributed cited research and want to appear here, open a PR. Hack The Box is a trademark of Hack The Box Ltd. This project is not affiliated with HTB or any of the listed authors. It only links to material they have published openly. If you are one of the authors and wish to be removed, open an issue and you’ll be off by the next day.