A subreddit dedicated to hacking and hackers.
Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.
A subreddit dedicated to hacking and hacking culture.
What we are about: quality and constructive discussion about the culture, profession and love of hacking.
This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.
Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!
Bans are handed out at moderator discretion.
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
Keep it legal Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok, encouraging or aiding illegal activities is not
We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:
No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with Kali?" is bad.
No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.
Sharing of personal data is forbidden - no doxxing or IP dumping
Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.
Off-topic posts will be treated as spam.
Low-effort content will be removed at moderator discretion
We are not tech support, these posts should be kept on /r/techsupport
Don't be a dick. Play nice, support each other and encourage learning.
I was unjustly blocked in a chatroom on charango. I need help unblocking myself.
Please excuse my poor art skills but the gist of the site allowed you to find connected information to whomever the input was. It was a tool we used at an old job when screening new employees and I cannot for the life of me recall what it’s called.
I have a spare phone I want to use on engagments, its a Huawei P10.
I want to know before rooting it if it will require a WiFi adaptor? Its not on their supported list, just wondering if anyone has tried this on a Huawei.
If an adaptor is required is it the same steps as using a Kali-VM?
As it says on the tin - Can anyone recommend a good honeypot to use at home?
I recenty setup OpenCanary but was hoping it would be a little bit more like the paid version which I have used before but is very expensive for the Pro version.
OpenCanary does work fine but I would like something a bit more graphical tbh like the paid version, where you can see a dashboard and stuff.
In ippsec's video, I noticed that he always emphasize about finding a hostname. For example, in HTB Search's video, he said that https leaking a hostname of "research"
I was wondering what can we do with the hostname?
There are two computers left in our building that have access to a shitty old nvr. It sounds like only one person, (maybe two?) still have the login. It’s been replaced but it still has some working cameras.
It use to be a joke but it’s becoming a competition between me and 8 others. Brute forcing it will take forever and resetting it would require someone to go into the security closet.
The software is so old that it’s no longer supported n runs like dogshit. (I think they both use IE on their PCs to play with the controls) but I’m not sure.
I was going to use a whid usb or make a vm and setup the exact same login when they connect via ip.
My biggest concern is plugging ina usb and someone catching me in the act. This lan is old shouldn’t even exist, it’s mostly used for a never ending game of civ5. Anyone have any ideas er suggestions ? (And Eric if you’re reading this then you’re just as guilty lol gitgud)
I know that Cryptography is a field that academic people really shine. It really needs a PHD to do serious research. What other fields do you know?
Thinking about RE, malware, embedded hacking, most of these doesn't seem to require a strong academic background (of course, it's good to have). But I suspect someone who is really good at fundamentals can push hacking to a new level.
I am currently SofDev and more and more System Engineer.
I don´t get the point how you could completely hide a troyan or anything in a e.g. picture. (jpeg etc) I know from long time ago you could spoof the endings, but i dont hink thats 2023, more 2003. Worked mostly in Web Dev and now more and more parts are System Engineer. Because of this I ask myself this questions. I know you can write some code which hurts the "PC" but it´s always the thing why would someone click this. If there is a real image beyond they maybe click it? But doesnt that get autospammed anyway? I had some of them in every adress but i clicked 0. Scams too. Why would I do this? Can someone explain?
i want to bypass the lightspeed filter agent (also jamf and cortex XDR but thats diffrent) on a M1 macbook air 2020 that my school gave us but lightspeed blocks a bunch of forums and other websites i use for school like calendars etc and using a VM or TOR is too slow, also we dont have admin but can add VPNs however they dont bypass it
covering the story of the stealing 30million pizza orders from pizza hut 😹😹 amazing job
is there a way to find things like promo codes with google dorks?
As The Title said,what is the hardest and most complex area of Hacking,What I mean by area is specialisity(Reverse engineer,Exploit developpement,Malware analysis,pwd,Web Hacking....)?
So I am not a noob, but definitely far from l337... I have been writing in python for a while now and again dont necessarily feel like I am expert by any means. Recently (past 3 years) I have seen a lot of tools and scrips being written in go. What do people think of it as a language. What advantages does it have in the cyber security space, over other langues. Thoughts on other languages besides python to learn and know... I know some basic java, and JS, i can also code in R, which is only really useful for data analysis post exploit and report generating...
So I'm trying to do some work at school on the library computers, which is stored on a USB drive that I have. When I plug it in, it works as intended and the drive is visible on the computer but whenever I try to use it it says access denied. They also have the shortcuts for winX and the run dialogue disabled, cmd admin locked, and you can't get into settings through the search bar. They're also running on windows 11. Anyone know how they're blocking it and/or how I could bypass/disable it?
I’m a software engineer and I’ve being doing this for 5+ years and I really want to get into the world of cyber security.
I’ve use Kali Linux and see some course in it but I can find a path or way for me to get a job in cyber security.
So please, how do I transition over? are there certificates I should get or do I need to do some CFT’s
China has officially confirmed that the US spy agency NSA hacked into Huawei's headquarters and carried out repeated cyberattacks.
The Chinese State Security Ministry report accuses the NSA of systematic attacks on the telecoms giant and other targets in China and other countries.
The report also reveals that the NSA targeted Northwestern Polytechnical University and accuses the US government of using cyberattack weapons against China and other countries for over 10 years.
The report highlights the NSA's cyberwarfare intelligence-gathering unit, known as the Office of Tailored Access Operations (TAO), which hacked into Huawei's servers in 2009 and continued to monitor them.
It also mentions the NSA's attempts to exploit Huawei's technology to gain access to computer and telephone networks in other countries.
Im done with doing everything by myself I want to find a small community where I could expand my horizons share some knowledge and have fun with other people.
Do you know any groups that accept after solving some challenge?
I can’t figure out a way how to find any small community.
I’m skilled in python, web development, networks, web vulnerabilities, web scraping(I can create an api from 99% websites) I also posses seo skills. Im willing to share my knowledge and of course learn new stuff.
I still consider myself a complete beginner but I have give and take mindset and Im learning new stuff almost everyday. I do not bother asking questions that could be easily googled or found on other search engines.
If you know a way how to get into group like this I would highly appreciate your help!
After learning about CSRF, I feel like probably not, because IIUC, the malicious site cannot actually view the response, they can only send responses on behalf of a user via the browser.
So there is these YouTube videos where they mess with people by reading there name and address on xbox, but how are they doing this like an ip address can only give you a general location unless you are the actual isp. So how do they find peoples address?
Is this information actionable? I have a decent phone camera so the information on screen is legible. I have been keenly interested in hacking a Touchtunes Jukebox for a couple years now and today was finally gifted with a rare opportunity to take a pic of the maintenance screen whole a tech was working on it.
Can this information be used to effectively wrest control of the Jukebox for my own nefarious means?
overthewire bandit level 18 - at first i didn't understand, then i did some research and understood but i wasn't getting the answer so i googled the answer to see what i was missing. It turns out - nothing!
I've literally copied and pasted the solutions into the password prompt and I'm getting no response. Has anybody had this happen to them? I've tried looking through the password files by logging in on a different levels put permissions are denied. how can i move on to the next level?
I’m learning about ligolo-Ng, which sets up a TCP/TLS tunnel so you can pivot across networks.
However, I found that you can
ping hosts through this tunnel normally. How is an ICMP datagram is using TCP?
I’d appreciate any insight on this. I feel like I must be missing something.
As a side note,
nmap -sn <NETWORK> also works but
sudo nmap -sn <NETWORK> doesn’t (the additional checks must screw up the results)
FBI Director Chris Wray revealed that China has a cyberespionage program that surpasses all of its major competitors combined.
Wray emphasized that even if the FBI focused solely on China, Chinese hackers would still outnumber their cyber personnel by at least 50 to 1.
China has repeatedly denied using hackers to spy on the United States.
Recent high-profile hacks, including the theft of hundreds of thousands of emails from senior U.S. government officials, have been attributed to China.
According to Mandiant Chief Executive Kevin Mandia, Chinese hackers are among the best spies in the world.
Russian hacker Mikhail Matveev, also known as "Wazawaka" and "Boriselcin," is one of the FBI's most wanted hackers.
He has been indicted by the U.S. government for being a prolific ransomware affiliate and carrying out significant attacks against companies and critical infrastructure.
Matveev is accused of being a central figure in the development and deployment of ransomware variants like Hive, LockBit, and Babuk.
Despite being on the FBI's most wanted list, Matveev continues to taunt the government by making a T-shirt with his own most wanted poster and engaging in online activities.
The FBI believes Matveev remains in Russia and is unlikely to face extradition to the United States.
I have depression, and mild autism, my life is just the same in day in day out.
I was recently homeless and now I have a place to stay (sharehouse)
I just want an IT job, it's the only job I can see myself doing.
I have no qualifications, no car (i do have a motorbike)
I feel so useless so fucking worthless, I honestly don't know what to do anymore.
I have reported so many cybersecurity vulnerablities for what, for fucking nothing.
I am sorry about this rant, I just don't know where else to put this.
Can someone please just give me some advice.
I am sick of wasting my fucking life and I feel so alone.
A few months ago, I found cybersecurity vulnerability for Caltex. I found their whole rewards system vulnerability scanner and source code (basically confidential data for all you normies). I went through their bug bounty program, I spent hours on the phone navigating my way through support lines until I reached an IT guy, they said they will fix it and I'll get my bounty. (I just wanted a letter of recognition)
They eventually fixed the vulnerability and I waited two weeks after they fixed it, I called up and I was told word for word "Fuck off I don't care about the bug bounty program, go kill yourself"