/r/hacking

A subreddit dedicated to hacking and hackers.

Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A subreddit dedicated to hacking and hacking culture.

What we are about: quality and constructive discussion about the culture, profession and love of hacking.

This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.

Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!

Bans are handed out at moderator discretion.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.


Rules:

  1. Keep it legal. Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok; encouraging or aiding illegal activities is not.

  2. We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:

  • Asking someone to hack for you
  • Trying to hire hackers
  • Asking for help with your DoS
  • Asking how to get into your "girlfriend's" instagram
  • Offering to do these things will also result in a ban
  • No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with Kali?" is bad.

  • No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.

  • Sharing of personal data is forbidden - no doxxing or IP dumping

  • Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.

  • Off-topic posts will be treated as spam.

  • Low-effort content will be removed at moderator discretion

  • We are not tech support, these posts should be kept on /r/techsupport

  • Don't be a dick. Play nice, support each other and encourage learning.


    /r/hacking

    2,651,177 Subscribers

    0

    How to unflag myself on Chatango

    I was unjustly blocked in a chatroom on Chatango. I need help unblocking myself.

    2 Comments
    2023/09/22
    05:09 UTC

    0

    Looking for a website with a layout similar to this:

    Please excuse my poor art skills but the gist of the site allowed you to find connected information to whomever the input was. It was a tool we used at an old job when screening new employees and I cannot for the life of me recall what it’s called.

    3 Comments
    2023/09/21
    16:53 UTC

    7

    Nethunter on Android/Huawei - Is an adaptor required?

    Hi,

    I have a spare phone I want to use on engagements; it's a Huawei P10.

    I want to know before rooting it if it will require a WiFi adaptor? It's not on their supported list, just wondering if anyone has tried this on a Huawei.

    If an adaptor is required, is it the same steps as using a Kali-VM?

    1 Comment
    2023/09/21
    15:47 UTC

    4

    Recommended Honeypot for home network?

    Hi,

    As it says on the tin - Can anyone recommend a good honeypot to use at home?

    I recently set up OpenCanary but was hoping it would be a little bit more like the paid version which I have used before but is very expensive for the Pro version.

    OpenCanary does work fine but I would like something a bit more graphical tbh like the paid version, where you can see a dashboard and stuff.

    TIA

    16 Comments
    2023/09/21
    15:35 UTC

    10

    What can we do with a hostname?

    In ippsec's video, I noticed that he always emphasizes finding a hostname. For example, in HTB Search's video, he said that https is leaking a hostname of "research".

    https://www.youtube.com/watch?v=c8Qbloh6Lqg#t=1m34s

    I was wondering what we can do with the hostname?

    7 Comments
    2023/09/21
    14:31 UTC

    61

    What would be the most efficient way to get a device’s credentials from a (Windows) computer that’s on the same LAN?

    There are two computers left in our building that have access to a shitty old NVR. It sounds like only one person (maybe two?) still has the login. It’s been replaced but it still has some working cameras.

    It used to be a joke but it’s becoming a competition between me and 8 others. Brute forcing it will take forever and resetting it would require someone to go into the security closet.

    The software is so old that it’s no longer supported and runs like dogshit. (I think they both use IE on their PCs to play with the controls) but I’m not sure.

    I was going to use a WHID USB or make a VM and set up the exact same login when they connect via IP.

    My biggest concern is plugging in a USB and someone catching me in the act. This LAN is old and shouldn’t even exist, it’s mostly used for a never ending game of Civ5. Anyone have any ideas or suggestions? (And Eric, if you’re reading this then you’re just as guilty lol gitgud)

    53 Comments
    2023/09/21
    03:27 UTC

    0

    Following another post, what sick hacking can one do if one is very good at fundamental mathematics/CS?

    Following this post: https://www.reddit.com/r/hacking/comments/16nrqlu/what_is_the_hardest_and_most_complex_area_of/

    I know that Cryptography is a field where academic people really shine. It really needs a PhD to do serious research. What other fields do you know?

    Thinking about RE, malware, embedded hacking, most of these don't seem to require a strong academic background (of course, it's good to have). But I suspect someone who is really good at fundamentals can push hacking to a new level.

    4 Comments
    2023/09/21
    01:52 UTC

    1

    Pictures or other files to Trojan Keysnap or something? (I don't get it as SysDev)

    Hi,

    I am currently SofDev and more and more System Engineer.

    I don't get the point how you could completely hide a trojan or anything in e.g. a picture (JPEG etc.). I know from a long time ago you could spoof the endings, but I don't think that's 2023, more 2003. Worked mostly in Web Dev and now more and more parts are System Engineer. Because of this I ask myself these questions. I know you can write some code which hurts the "PC" but it's always the thing why would someone click this. If there is a real image beyond they maybe click it? But doesn't that get autospammed anyway? I had some of them in every address but I clicked 0. Scams too. Why would I do this? Can someone explain?

    0 Comments
    2023/09/21
    01:07 UTC

    5

    Bypass Lightspeed M1

    I want to bypass the Lightspeed filter agent (also Jamf and Cortex XDR but that's different) on an M1 MacBook Air 2020 that my school gave us, but Lightspeed blocks a bunch of forums and other websites I use for school like calendars etc. and using a VM or Tor is too slow. Also we don't have admin but can add VPNs, however they don't bypass it.

    10 Comments
    2023/09/21
    00:27 UTC

    0

    ahahaha the Shiny Hunters made the Australian 8am news

    covering the story of the stealing of 30 million pizza orders from Pizza Hut 😹😹 amazing job

    1 Comment
    2023/09/20
    22:04 UTC

    1

    Dorking

    Is there a way to find things like promo codes with Google dorks?

    9 Comments
    2023/09/20
    18:28 UTC

    293

    What is the hardest and most complex area of Hacking?

    As the title said, what is the hardest and most complex area of hacking? What I mean by area is speciality (reverse engineering, exploit development, malware analysis, pwd, web hacking...).

    132 Comments
    2023/09/20
    17:51 UTC

    28

    Honest opinions about Go in the hacker space

    So I am not a noob, but definitely far from l337... I have been writing in Python for a while now and again don't necessarily feel like I am an expert by any means. Recently (past 3 years) I have seen a lot of tools and scripts being written in Go. What do people think of it as a language? What advantages does it have in the cyber security space over other languages? Thoughts on other languages besides Python to learn and know... I know some basic Java and JS, I can also code in R, which is only really useful for data analysis post exploit and report generating...

    14 Comments
    2023/09/20
    16:54 UTC

    0

    How do I bypass an external drive blocker?

    So I'm trying to do some work at school on the library computers, which is stored on a USB drive that I have. When I plug it in, it works as intended and the drive is visible on the computer but whenever I try to use it it says access denied. They also have the shortcuts for winX and the run dialogue disabled, cmd admin locked, and you can't get into settings through the search bar. They're also running on Windows 11. Anyone know how they're blocking it and/or how I could bypass/disable it?

    4 Comments
    2023/09/20
    16:35 UTC

    19

    Software developer wanting to switch to cyber career, how?

    I’m a software engineer and I’ve been doing this for 5+ years and I really want to get into the world of cyber security.

    I’ve used Kali Linux and seen some courses in it but I can find a path or way for me to get a job in cyber security.

    So please, how do I transition over? Are there certificates I should get or do I need to do some CTFs?

    19 Comments
    2023/09/20
    13:33 UTC

    422

    NSA's TAO hacked Huawei: China officially confirms

    • China has officially confirmed that the US spy agency NSA hacked into Huawei's headquarters and carried out repeated cyberattacks.

    • The Chinese State Security Ministry report accuses the NSA of systematic attacks on the telecoms giant and other targets in China and other countries.

    • The report also reveals that the NSA targeted Northwestern Polytechnical University and accuses the US government of using cyberattack weapons against China and other countries for over 10 years.

    • The report highlights the NSA's cyberwarfare intelligence-gathering unit, known as the Office of Tailored Access Operations (TAO), which hacked into Huawei's servers in 2009 and continued to monitor them.

    • It also mentions the NSA's attempts to exploit Huawei's technology to gain access to computer and telephone networks in other countries.

    Source : https://www.scmp.com/news/china/politics/article/3235174/us-spy-agency-nsa-hacked-huawei-hq-china-confirms-snowden-leak

    104 Comments
    2023/09/20
    12:02 UTC

    6

    Looking for private communities/groups

    I'm done with doing everything by myself. I want to find a small community where I could expand my horizons, share some knowledge and have fun with other people.

    Do you know any groups that accept after solving some challenge?

    I can’t figure out a way how to find any small community.

    I’m skilled in Python, web development, networks, web vulnerabilities, web scraping (I can create an API from 99% of websites). I also possess SEO skills. I'm willing to share my knowledge and of course learn new stuff.

    I still consider myself a complete beginner but I have a give and take mindset and I'm learning new stuff almost every day. I do not bother asking questions that could be easily googled or found on other search engines.

    If you know a way how to get into a group like this I would highly appreciate your help!

    19 Comments
    2023/09/20
    10:16 UTC

    8

    Is there any reason a read-only API should use a CSRF token?

    After learning about CSRF, I feel like probably not, because IIUC, the malicious site cannot actually view the response, they can only send responses on behalf of a user via the browser.

    7 Comments
    2023/09/20
    03:44 UTC

    226

    How are people finding out address from a gamer tag or IP address in general?

    So there are these YouTube videos where they mess with people by reading their name and address on Xbox, but how are they doing this? Like an IP address can only give you a general location unless you are the actual ISP. So how do they find people's addresses?

    113 Comments
    2023/09/20
    00:03 UTC

    7

    Touchtunes Jukebox.

    Is this information actionable? I have a decent phone camera so the information on screen is legible. I have been keenly interested in hacking a Touchtunes Jukebox for a couple years now and today was finally gifted with a rare opportunity to take a pic of the maintenance screen while a tech was working on it.

    Can this information be used to effectively wrest control of the Jukebox for my own nefarious means?

    5 Comments
    2023/09/19
    23:13 UTC

    5

    Stuck on CTF even though I have the answer

    OverTheWire Bandit level 18 - at first I didn't understand, then I did some research and understood but I wasn't getting the answer so I googled the answer to see what I was missing. It turns out - nothing!

    I've literally copied and pasted the solutions into the password prompt and I'm getting no response. Has anybody had this happen to them? I've tried looking through the password files by logging in on different levels but permissions are denied. How can I move on to the next level?

    8 Comments
    2023/09/19
    21:28 UTC

    4

    ICMP works over TCP Tunnel?

    I’m learning about ligolo-ng, which sets up a TCP/TLS tunnel so you can pivot across networks.

    However, I found that you can ping hosts through this tunnel normally. How is an ICMP datagram using TCP?

    I’d appreciate any insight on this. I feel like I must be missing something.

    As a side note,

    nmap -sn <NETWORK> also works but

    sudo nmap -sn <NETWORK> doesn’t (the additional checks must screw up the results)

    6 Comments
    2023/09/19
    19:10 UTC

    230

    FBI chief: China has bigger hacking program than all the competition combined

    • FBI Director Chris Wray revealed that China has a cyberespionage program that surpasses all of its major competitors combined.

    • Wray emphasized that even if the FBI focused solely on China, Chinese hackers would still outnumber their cyber personnel by at least 50 to 1.

    • China has repeatedly denied using hackers to spy on the United States.

    • Recent high-profile hacks, including the theft of hundreds of thousands of emails from senior U.S. government officials, have been attributed to China.

    • According to Mandiant Chief Executive Kevin Mandia, Chinese hackers are among the best spies in the world.

    Source : https://www.reuters.com/world/fbi-chief-says-china-has-bigger-hacking-program-than-competition-combined-2023-09-18/

    68 Comments
    2023/09/19
    12:22 UTC

    352

    One of the FBI’s most wanted hackers is trolling the U.S. government

    • Russian hacker Mikhail Matveev, also known as "Wazawaka" and "Boriselcin," is one of the FBI's most wanted hackers.

    • He has been indicted by the U.S. government for being a prolific ransomware affiliate and carrying out significant attacks against companies and critical infrastructure.

    • Matveev is accused of being a central figure in the development and deployment of ransomware variants like Hive, LockBit, and Babuk.

    • Despite being on the FBI's most wanted list, Matveev continues to taunt the government by making a T-shirt with his own most wanted poster and engaging in online activities.

    • The FBI believes Matveev remains in Russia and is unlikely to face extradition to the United States.

    Source : https://techcrunch.com/2023/09/18/fbi-most-wanted-hacker-trolling-the-u-s-government/

    88 Comments
    2023/09/19
    08:55 UTC

    400

    I feel so fucking lost

    I have depression, and mild autism, my life is just the same day in, day out.

    I was recently homeless and now I have a place to stay (sharehouse)

    I just want an IT job, it's the only job I can see myself doing.

    I have no qualifications, no car (I do have a motorbike)
    I feel so useless so fucking worthless, I honestly don't know what to do anymore.

    I have reported so many cybersecurity vulnerabilities for what, for fucking nothing.

    I am sorry about this rant, I just don't know where else to put this.

    Can someone please just give me some advice.

    I am sick of wasting my fucking life and I feel so alone.

    182 Comments
    2023/09/19
    08:32 UTC

    402

    Name and Shame time

    A few months ago, I found a cybersecurity vulnerability for Caltex. I found their whole rewards system vulnerability scanner and source code (basically confidential data for all you normies). I went through their bug bounty program, I spent hours on the phone navigating my way through support lines until I reached an IT guy, they said they will fix it and I'll get my bounty. (I just wanted a letter of recognition)

    They eventually fixed the vulnerability and I waited two weeks after they fixed it, I called up and I was told word for word "Fuck off I don't care about the bug bounty program, go kill yourself"

    44 Comments
    2023/09/19
    05:16 UTC