Welcome to /r/hacking!
A subreddit dedicated to hacking and hacking culture.
What we’re about: quality and constructive discussion referring to the culture, profession and esteem of hacking.
This sub is geared toward these with an working out of hacking – please seek the advice of with /r/HowToHack for posting newbie links and tutorials; any newbie questions wants to be directed there as they’ll result in a ban right here.
Guides and tutorials are welcome right here as prolonged as they are suitably complex and most importantly honest!
Please don’t put up unlawful stuffs. Bans are handed out at moderator discretion.
Every other one bought caught right this moment, or not it is in every single attach the papers. “Teen
Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…
Damn younger people. They’re all alike.
Nonetheless did you, for your three-portion psychology and 1950’s
technobrain, ever bewitch a gaze behind the eyes of the hacker?
Did you ever wonder what made him tick, what forces formed
him, what can also merely maintain molded him?
I’m a hacker, enter my world…
Mine is an world that begins with college… I’m smarter than most
of the other younger people, this crap they educate us bores me…
Damn underachiever. They’re all alike.
- Protect it honest. Hacking on the total is a gray attach nonetheless reduction it above board. Discussion spherical the legality of disorders is k, encouraging or assisting unlawful actions just isn’t.
- We aren’t your individual military. This just isn’t the gap to bewitch a stare upon to acquire hackers to originate your soiled work and you may possibly perchance possibly even be banned for attempting. This entails: Asking somebody to hack for you, attempting to rent hackers, inquiring for reduction with your DoS, asking how one can acquire into your “female friend’s” instagram, and providing to originate this stuff will also result in a ban.
- No “how originate i beginning hacking?” posts. Glimpse /r/howtohack or the stickied put up. Intermediate questions are welcomed – e.g. “How does HSTS discontinuance SSL stripping?” is a factual inquire of. “How originate I hack wifi with Kali?” is disagreeable.
- No “I purchased hacked” posts except or not it is a attention-grabbing put up-mortem of a particular attack. Your nan being phished doesn’t count.
- Sharing of non-public recordsdata is forbidden – no doxxing or IP dumping.
- Spam is strictly forbidden and must result in a ban. Knowledgeable promotion e.g. from safety companies/pen discovering out companies is allowed within the confines of field-broad guidelines on self promotion found right here, nonetheless will in any other case be thought to be order mail.
- Off-topic posts shall be handled as order mail.
- Low-effort impart shall be eradicated at moderator discretion.
- We aren’t tech enhance, these posts wants to be saved on /r/techsupport.
- Web not be a dick. Play good, enhance every other and aid discovering out.
Starting & Fundamentals to hacking
How originate I beginning hacking?
Hacking is an extremely mountainous topic. There’s just isn’t any single “hacking” action. You shall be able to desire to advise what you may want to learn. This put up will enable you to elaborate hacking. From there, test out sources related to the areas of hacking you are drawn to.
Where must I beginning?
All any other time, narrow down what you may want to learn. There may be merely too worthy within the broad world of hacking to not narrow it down. Here are about a sources that provide a factual fashioned foundation:
Hacking: the art work of exploitation (amazon) – Total overview of hacker mentality and fashioned exploitation tactics
Violent Python (amazon) – Utilizing fashioned python skills to originate highly efficient instruments for offence and defence.
Web Software program Hacker’s Handbook (amazon) – Very wide info to web web impart online safety and fashioned vulnerabilities.
Supreme Malware Diagnosis (amazon) – This can also merely educate you how one can analyze malware thoroughly. Certain, this can educate you how malware is written and how malware authors maintain.
Possess I been hacked? What originate I originate if I’ve been hacked?
Finding out & Custom
This is our world now… the area of the electron and the swap, the
great thing about the baud. We originate use of a service already present without paying
for what may possibly perchance even be dirt-cheap if it wasn’t flee by profiteering gluttons, and
you name us criminals. We stumble on… and you name us criminals. We observe
after recordsdata… and you name us criminals. We exist without skin color,
without nationality, without non secular bias… and you name us criminals.
You assemble atomic bombs, you wage wars, you abolish, cheat, and mislead us
and try and originate us factor in or not it is for our non-public factual, but we’re the criminals.
Certain, I’m a prison. My crime is that of curiosity. My crime is
that of judging people by what they deliver and maintain, not what they gaze esteem.
My crime is that of outsmarting you, one thing that you will not ever forgive me
I’m a hacker, and right here is my manifesto. Potentialities are you’ll well perchance possibly possibly also merely discontinuance this particular person,
nonetheless that you may not discontinuance us all… in spite of the entirety, we’re all alike.
- Kevin Mitnick – Free Kevin
- The 414s – The 414s were a neighborhood of computer hackers who broke into dozens of high-profile computer systems, in conjunction with ones at Los Alamos Nationwide Laboratory, Sloan-Kettering Most cancers Center, and Security Pacific Bank, in 1982 and 1983.
- Jeanson James Ancheta – On Can also merely 9, 2006, Jeanson James Ancheta (born 1985) modified into the first person to be charged for controlling astronomical numbers of hijacked computers or botnets.
- Hector Monsegur (known as Sabu) – an American computer hacker and co-founding father of the hacking neighborhood LulzSec. He Monsegur modified into an informant for the FBI, working with the company for over ten months to help them in figuring out the other hackers from LulzSec and related groups.
- Jeremy Hammond – He modified into convicted of computer fraud in 2013 for hacking the non-public intelligence firm Stratfor and releasing recordsdata to the whistle-blowing web web impart online WikiLeaks, and sentenced to 10 years in penal complex.
- Lauri Like – a British activist charged with stealing recordsdata from United States Executive computers in conjunction with the United States Military, Missile Protection Agency, and NASA through computer intrusion.
- Gary McKinnon – a Scottish systems administrator and hacker who modified into accused in 2002 of perpetrating the “greatest militia computer hack of all time,” despite the true fact that McKinnon himself states that he modified into merely searching out for evidence of free vitality suppression and a veil-up of UFO exercise and other applied sciences most likely functional to the public. 👽🛸
- Adrian Lamo – gained media attention for breaking into several high-profile computer networks, in conjunction with these of The Unique York Cases, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo modified into most efficient known for reporting U.S. soldier Chelsea Manning to Military prison investigators in 2010 for leaking heaps of of hundreds of sensitive U.S. authorities documents to WikiLeaks.
- Albert Gonzales – an American computer hacker and computer prison who’s accused of masterminding the combined credit card theft and subsequent reselling of upper than 170 million card and ATM numbers from 2005 to 2007: the finest such fraud in historical previous.
- Michael Calce (known as MafiaBoy) – a safety expert from Île Bizard, Quebec who launched a chain of highly publicized denial-of-service assaults in February 2000 against astronomical industrial websites, in conjunction with Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
- John Draper – also called Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and inclined legendary phone phreak.
- Andrew Auernheimer (known as Weev) – Went to penal complex for the use of math against AT&T web web impart online.
- Eric Corley (known as Emmanuel Goldstein) – 2600
- Guccifer 2.0 – a persona which claimed to be the hacker(s) that hacked into the Democratic Nationwide Committee (DNC) computer network after which leaked its documents to the media, the acquire web impart online WikiLeaks, and a conference tournament.
- Jacob Appelbaum – an American independent journalist, computer safety researcher, artist, and hacker. He has been employed by the College of Washington, and modified into a core member of the Tor project, a free machine network designed to produce on-line anonymity.
- Kimberley Vanvaeck (known as Gigabyte) – a virulent disease author from Belgium known for a prolonged-standing dispute which eager the acquire safety firm Sophos and one amongst its workers, Graham Cluley. Vanvaeck wrote several viruses, in conjunction with Quis, Coconut and YahaSux (also called Sahay). She also created a Spirited virus (also called “Sharpei”), credited as being the first virus to be written in C#.
- Crime of Curiosity by Amplitude Misfortune
- Programming / Coding / Hacking tune vol.18
- Programming / Coding / Hacking tune vol.17
- Programming / Coding / Hacking tune vol.16
- 24/7 lofi hip hop radio – beats to acquire/relax/relax out
- Concentration Programming Music
- Concentration Programming Music 0100 (Section 4)
Movies & TV
- War Games
- The Rep
- The Woman with the Dragon Tattoo
- The Matrix
- The Rating
- nmap – Port Scanner & Network Exploration Tool
- XSS Filter Evasion Cheat Sheet
- XSS cheatsheet
Esp: for filter evasion
- XSS Vectors Cheat Sheet
Customary boards within the hacking scene.
- HackForums (EN)
- BlackHatWorld (EN)
- RaidForums (EN)
- OGUsers (EN)
- SentryMBA (EN)
- Nulled (EN)
- UnKnoWnCheaTs (EN)
- MPGH (EN)
- Cracked.to (EN)
- Leakforums (EN)
- Antichat (RU)
- Exploit.in (RU)
- BHF (RU)
- FuckAV (RU)
Unique to CTFs
Need to you understand nothing about CTFs or right here is your first try at doing a CTF, it is suggested you learn over the Awesome CTF list first.
What’s a CTF?
CTF stands for Take The Flag, a form of hacking tournament the attach you may possibly perchance possibly also merely maintain one blueprint: hack in and obtain the flag. Flags are positioned in various areas — they are able to also merely be in a file, within the database, stuck into provide code, or in any other case — and your blueprint is to hunt all of them down.
- Hack The Field – Hack The Field is an on-line platform allowing you to test your penetration discovering out skills and replace suggestions and methodologies with hundreds of people within the safety field. Click below to hack our invite peril, then acquire started on one amongst our many dwell machines or challenges.
- Hacker101 CTF – The Hacker101 CTF is a sport designed to enable you to learn to hack in a protected, rewarding atmosphere. Hacker101 is a free academic field for hackers, flee by HackerOne. This CTF is one other integral ingredient in our plans to originate the area a higher space, one computer virus at a time.
- Root Me CTF –
- Hack This Position – Hack This Position is a free, protected and honest coaching floor for hackers to test and develop their hacking skills. Bigger than factual one other hacker wargames field, we’re a living, breathing neighborhood with many active tasks in increase, with an enormous different of hacking articles and an astronomical forum the attach users can discuss hacking, network safety, and factual about the entirety. Tune in to the hacker underground and acquire eager with the project.
- Hack This! – Need to research hacking and network safety? See how hacks, dumps and defacements are performed and stable your web web impart online against hackers with HackThis!!
- OverTheWire – is a shining newbie resource. It gets you gentle to Linux, teaches you a pair of ramification of various instruments, applied sciences, protocols and so on. Even on the beginning on the peril it choices you within the upright direction whenever you are doubtful. This has positively helped me in extra stepped forward CTF challenges.
- picoCTF – is extraordinarily factual for discovering out a colossal different of skills or factual training gentle ones. It entails reverse engineering, binary exploitation, web hacking and extra. There shall be a astronomical different of walkthroughs on-line for every peril in case that you must gaze them.
- Vulnhub – Vulnhub is a most traditional platform that hosts factual boot2root vm’s that differ in peril. These too maintain hundreds of on-line walkthroughs in case you want them.
Need to discuss CTFs or tactics? Test out /r/securityCTF
Lessons (Free and Paid)
- Udemy – Moral Hacking
- Udemy – Cyber Security
- Udemy – Penetration Testing
- Udemy – Kali Linux
- Udemy – Metasploit
- Cybrary – Free Hacking Practicing
- Cybrary – ISC2 CISSP
- Cybrary – WiFi Security: WEP, WPA, and WPA2
- Cybrary – Moral Hacking
- HackerOne – Begin Hacking
- LambdaSchool – Summer Hackers
Professor Messer Videos
How To Guides & Tutorials
- Tutorial: Is My Wi-fi Card Appropriate?
- Extra coming quickly
- I will Let Myself In: Solutions of Bodily Pen Testers
- You’re Doubtlessly Now not Red Teaming… And On the total I’m Now not, Either – SANS ICS 2018
- BREAKING in BAD (I’m the one who doesn’t knock) – Jayson Avenue
- DEFCON – The Paunchy Documentary
- DEF CON 17 – That Awesome Time I Used to be Sued For Two Billion Bucks
- DEF CON 18 – Zoz – Pwned By The Proprietor: What Occurs When You Prefer A Hacker’s Computer
- DEF CON 18 – Chris Paget – Supreme Cell phone Spying
- DEF CON 19 – Deviant Ollam – Safe to Armed in Seconds
- DEF CON 21 – ZOZ – Hacking Driverless Autos
- DEF CON 22 – Metacortex and Grifter – Touring the Darkside of the Knowledge superhighway. An Introduction to Tor
- DEF CON 22 – Deviant Ollam & Howard Payne – Elevator Hacking – From the Pit to the Penthouse
- DEF CON 22 – Zoz – Web not Fuck It Up!
- DEF CON 23 – Robinson and Mitchell – Knocking my neighbors younger people cruddy drone offline
- DEF CON 23 – Van Albert and Banks – Looping Surveillance Cameras thru Are living Editing
- DEF CON 23 – Chris Rock – I Will Abolish You
- DEF CON 24 – Chris Rock – Easy systems to Overthrow a Executive
- DEF CON 24 – Weston Hecker – Hacking Hotel Keys and Level of Sale Systems
- DEF CON 24 – int0x80 – Anti Forensics AF
- DEF CON 25 – Roger Dingledine – Subsequent Abilities Tor Onion Services
- DEF CON 26 – smea – Jailbreaking the 3DS Via 7 Years of Hardening
Bug Bounty Programs
Receives a commission to leer vulnerabilities and safety disorders.
- Doable Wordlists – Model 2.0 – Model 2 is dwell! Wordlists sorted by probability on the beginning created for password technology and discovering out – originate obvious your passwords aren’t standard!
- Accurate Passwords – These are REAL passwords.
- Dictionary-Trend Lists – Files in conjunction with dictionaries, encyclopedic lists and miscellaneous. Wordlists in this folder were not necessarily related to the “password” mark.
Precious Github Resources
- Awesome OSINT – A curated list of amazingly awesome OSINT
- Awesome Malware Diagnosis – A curated list of awesome malware evaluation instruments and sources.
- Awesome CTF – A curated list of Take The Flag (CTF) frameworks, libraries, sources, softwares and tutorials. This list targets to help starters to boot to seasoned CTF avid gamers to acquire the entirety related to CTFs at one space.
- Awesome Hacking – A curated list of awesome Hacking.
- Awesome Honeypots – A curated list of awesome honeypots, plus related elements and hundreds extra, divided into lessons similar to Web, products and services, and others, with a focal level on free and beginning provide tasks.
- Awesome Incident Response – A curated list of instruments and sources for safety incident response, aimed to help safety analysts and DFIR teams.
- Awesome Car Security – curated list of awesome sources, books, hardware, machine, applications, people to look at, and extra chilly stuff about automobile safety, automobile hacking, and tinkering with the functionality of your automobile.
- Awesome Web Security – Curated list of Web Security affords and sources.
- Awesome Lockpicking – A curated list of awesome guides, instruments, and other sources touching on to the safety and compromise of locks, safes, and keys.
- Awesome Cybersecurity Blue Crew – A set of awesome sources, instruments, and other brilliant things for cybersecurity blue teams.
- Awesome AppSec – A curated list of sources for discovering out about application safety. Contains books, websites, weblog posts, and self-evaluation quizzes.
- Awesome Security – A set of awesome machine, libraries, documents, books, sources and chilly stuff about safety.
Cracking & Bruteforce
- Subdomain bruteforce – a subdomain brute forcing machine for windows
- Instashell – Multi-threaded Instagram Brute Forcer without password restrict
Remote Administration & Payloads
- pupy – Pupy is an opensource, imperfect-platform (Home windows, Linux, OSX, Android) far off administration and put up-exploitation machine basically written in python
- BYOB (Beget Your Beget Botnet) – BYOB is an beginning-provide project that presents a framework for safety researchers and developers to assemble and feature a fashioned botnet to deepen their working out of the comely malware that infects tens of millions of devices yearly and spawns in vogue botnets, in show to enhance their ability to invent counter-measures against these threats.
- QuasarRAT – Free, Begin-Source Remote Administration Tool for Home windows
- Antivirus Evasion – Varied Antivirus evasion instruments
- UACMe – Defeating Home windows User Story Control by abusing built-in Home windows AutoElevate backdoor.
- Genesis Scripting Engine (gscript) – framework to immediate put into effect personalized droppers for all three predominant operating systems
- Gophish – Begin-Source Phishing Toolkit
- SocialFish – Tutorial Phishing Tool & Knowledge Collector
- Blackeye – Essentially the most total Phishing Tool, with 32 templates +1 customizable
- Hidden Peep – Neatly-liked Phishing Tool With Evolved Functionality
- Evilginx2 – Standalone man-in-the-heart attack framework gentle for phishing login credentials along with session cookies, thinking the bypass of two-ingredient authentication
- Modlishka – Modlishka is a highly efficient and versatile HTTP reverse proxy. It implements a completely contemporary and appealing formulation of facing browser-basically based fully mostly HTTP visitors waft, which permits to transparently proxy multi-domain vacation field visitors, every TLS and non-TLS, over a single domain, without a requirement of inserting in any extra certificate on the client. What does this precisely mean? In short, it merely has hundreds of capacity, that will even be gentle in a lot of use case scenarios.
- Fluxion – MITM WPA attack toolset
- howmanypeoplearearound – Count the different of people spherical you 👨👨👦 by monitoring wifi signals 📡
- Wifiphisher – The Rogue Procure entry to Level Framework
- Tails – The Amnesic Incognito Are living Scheme. Tails is a dwell method that targets to defend your privacy and anonymity. It helps you to use the Knowledge superhighway anonymously and circumvent censorship almost anyplace you accelerate and on any computer nonetheless leaving no label except you ask it to explicitly.
- Whonix – A High Security Blueprint of Browsing the Knowledge superhighway. Whonix is a desktop operating method designed for stepped forward safety and privacy.
- QubesOS – Qubes is a safety-oriented, free and beginning-provide operating method for non-public computers that enables you to securely compartmentalize your digital lifestyles.
- Kali Linux – a Debian-derived Linux distribution designed for digital forensics and penetration discovering out.
- Parrot OS – a Linux distribution in accordance to Debian with a focal level on computer safety. It is designed for penetration discovering out, vulnerability evaluation and mitigation, computer forensics and anonymous web attempting.
- BlackArch – an Arch Linux-basically based fully mostly penetration discovering out distribution for penetration testers and safety researchers.
Knowledge superhighway web hosting
- Debian – The Universal Working Scheme
- FreeBSD – FreeBSD is an operating method gentle to energy in vogue servers, desktops, and embedded platforms.
- Ubuntu – Ubuntu is an beginning provide machine operating method that runs from the desktop, to the cloud, to your total web related things.
- Fedora – Fedora creates an innovative, free, and beginning provide platform for hardware, clouds, and containers that enables machine developers and neighborhood members to assemble tailor-made solutions for his or her users.
- CentOS – a Linux distribution that presents a free, endeavor-class, neighborhood-supported computing platform functionally esteem minded with its upstream provide, Red Hat Endeavor Linux (RHEL).
- Home windows Server 2019
- LineageOS – /r/lineageos – A free and beginning-provide operating method for various devices, in accordance to the Android cellular platform.
- GrapheneOS – /r/GrapheneOS/ – GrapheneOS is a privacy and safety focused cellular OS with Android app compatibility.
- Mint – Linux Mint is an clean, easy to use, up previously and jubilant GNU/Linux desktop distribution.
- Rasberrian – Raspbian is a free operating method in accordance to Debian optimized for the Raspberry Pi hardware.
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe