2025/2/19 上午11:13 hacking: security in practice

Skip to main content

r/hacking Search in r/hacki… Create

r/hacking
2.8m members 52 online

Join

r/hacking Wiki

,----------------, ,---------,
,-----------------------, ," ,"|
," ,"| ," ," |
+-----------------------+ | ," ," |
| .-----------------. | | +---------+ |
| | | | | | -==----'| |
| | WELCOME TO THE | | | | | |
| | /r/hacking wiki | | |/----|`---= | |
| | C:\>_ | | | ,/|==== ooo | ;
| | | | | // |(((( [33]| ,"
| `-----------------' |," .;'| |(((( | ,"
+-----------------------+ ;; | | |," -Kevin Lam-
/_)______________(_/ //' | +---------+
___________________________/___ `,
/ oooooooooooooooo .o. oooo /, \,"-----------
/ ==ooooooooooooooo==.o. ooo= // ,`\--{)B ,"
/_==__==========__==_ooo__ooo=_/' /___________,"
`-----------------------------'

Welcome to /r/hacking!

A subreddit dedicated to hacking and hacking culture.

What we are about: quality and constructive discussion about the culture, profession and love of hacking.

This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting
beginner links and tutorials; any beginner questions should be directed there as they will result in a ban
here.

Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!

Please don't post illegal stuffs. Bans are handed out at moderator discretion.

https://www.reddit.com/r/hacking/wiki/index/ 1/28
2025/2/19 上午11:13 hacking: security in practice

Rules
Skip to main content
Create
1. Keep it legal. Hacking can be a grey area but keep it above board. Discussion around the legality of
issues is ok, encouraging or aiding illegal activities is not.
2. We are not your personal army. This is not the place to try to find hackers to do your dirty work and
you will be banned for trying. This includes: Asking someone to hack for you, trying to hire hackers,
asking for help with your DoS, asking how to get into your "girlfriend's" instagram, and offering to do
these things will also result in a ban.
3. No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are
welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with
Kali?" is bad.
4. No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being
phished doesn't count.
5. Sharing of personal data is forbidden - no doxxing or IP dumping.
6. Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen
testing companies is allowed within the confines of site-wide rules on self promotion found here, but
will otherwise be considered spam.
7. Off-topic posts will be treated as spam.
8. Low-effort content will be removed at moderator discretion.
9. We are not tech support, these posts should be kept on /r/techsupport.
10. Don't be a dick. Play nice, support each other and encourage learning.

FAQ
Beginning & Basics to hacking

How do I start hacking?

Hacking is an incredibly broad topic. There's is no single "hacking" action. You will need to describe what
you want to learn. This post will help you define hacking. From there, check out resources related to the
areas of hacking you are interested in.

Past Threads:

What are some educational tools to become a white hat hacker for a beginner?

Where should I start?

Again, narrow down what you want to learn. There is simply too much in the wide world of hacking to not
narrow it down. Here are a few resources that provide a good general basis:

Hacking: the art of exploitation (amazon) - General overview of hacker mentality and basic exploitation
techniques
Violent Python (amazon) - Using basic python skills to create powerful tools for offence and defence.
Web Application Hacker's Handbook (amazon) - Very in depth guide to website security and common
vulnerabilities.

https://www.reddit.com/r/hacking/wiki/index/ 2/28
2025/2/19 上午11:13 hacking: security in practice

Practical Malware Analysis (amazon) - This will teach you how to analyze malware thoroughly. Yes, it will
Skip to main content
teach you how malware is written and how malware authors think. Create

Has my password or email address been leaked, stolen or compromised? How can I check?

https://haveibeenpwned.com

Have I been hacked? What do I do if I've been hacked?

http://www.helpivebeenhacked.com/ - Format your computer or factory reset your phone. This is not a
tech support sub.

I want to scan a suspicious URL

https://urlscan.io/

I want to whois a domain name

https://whois.domaintools.com/google.com

I want to learn more about an IP address

https://search.censys.io/hosts/1.1.1.1
https://search.arin.net/rdap/?query=1.1.1.1

I want to see intel threat feeds

https://otx.alienvault.com/

I need a script that does X or Y

Check the Github section of this wiki.

I want to scan an IP ranges/domains

https://www.shodan.io/
https://nmap.org/

Group Sub Activities

Wardriving
Into war driving? Join the /r/hacking team on WiGLE :)

https://wigle.net/stats#groupstats

https://www.reddit.com/r/hacking/wiki/index/ 3/28
2025/2/19 上午11:13 hacking: security in practice

Search for /r/hacking and click join that is to the right of it. Anyone can join and contribute!
Skip to main content
Create
What is WiGLE?

Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers,
netstumblers, and net huggers.

Get started:

https://wigle.net/faq

Resources
Past AMAs
2024 - Hello. We are the Daily Dot and we are here to talk all things SiegedSec and the Heritage
Foundation breach
2022 I am Jon DiMaggio, professional "bad guy hunter" and author of The Art of Cyberwarfare from No
Starch Press. AMA/ Ask me anything!
2022 I became a Chief Information Security Officer without having a college degree. Ask me anything!
2022 We're hackers who just published books with No Starch Press. AUA/ Ask us anything!

News
https://krebsonsecurity.com/
https://nakedsecurity.sophos.com/
https://www.bleepingcomputer.com/
https://www.fireeye.com/blog/threat-research.html
https://news.ycombinator.com/
https://www.proofpoint.com/us/blog
https://blog.talosintelligence.com
https://blog.rapid7.com/tag/metasploit/
https://www.hackaday.com

Conferences
44Con - Annual Security Conference held in London.
Blackhat - Las Vegas
BSides - Worldwide
CarolinaCon - Infosec conference, held annually in North Carolina.
Chaos Communication Congress - Germany
CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
DeepSec - Security Conference in Vienna, Austria.
DEF CON - Las Vegas
Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
https://www.reddit.com/r/hacking/wiki/index/ 4/28
2025/2/19 上午11:13 hacking: security in practice

Hackers On Planet Earth aka HOPE - Semi-annual conference held in New York City.
Skip to main content
Create
LayerOne - Annual US security conference held every spring in Los Angeles.
Nolacon - New Orleans
OrangeCon - OrangeCon is a community driven, non-profit Cybersecurity Conference in the heart of
The Netherlands.
SAINTCON - SAINTCON is an annual cyber-security conference presented by the Utah Security Advisory
and Incident Network Team (“UtahSAINT”)
ShmooCon - Annual US East coast hacker convention.
SummerCon - One of the oldest hacker conventions in America, held during Summer.
THOTCON - Chicago
ToorCamp - San Juan Islands, Washington
Wild West Hackin’ Fest - San Diego

InfoSec Twitters
https://twitter.com/Bank_Security
https://twitter.com/briankrebs
https://twitter.com/IanColdwater
https://twitter.com/LitMoose
https://twitter.com/sshell_
https://twitter.com/zer0pwn
https://twitter.com/TraceLabs
https://twitter.com/LooseSecurity
https://twitter.com/leet_sauce
https://twitter.com/notdan
https://twitter.com/thugcrowd
https://twitter.com/Viking_Sec
https://twitter.com/netspooky
https://twitter.com/b1ack0wl
https://twitter.com/irongeek_adc
https://twitter.com/deviantollam
https://twitter.com/AlyssaM_InfoSec
https://twitter.com/d0rkph0enix
https://twitter.com/DAkacki
https://twitter.com/defcon
https://twitter.com/MalwareTechBlog
https://twitter.com/Intel471Inc
https://twitter.com/CISAKrebs
https://twitter.com/NSACyber
https://twitter.com/TinkerSec
https://twitter.com/ihackbanme

https://www.reddit.com/r/hacking/wiki/index/ 5/28
2025/2/19 上午11:13 hacking: security in practice

History
Skip to main content
Create
Reading & Culture

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime
Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes
of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have
molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach
us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce
a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it
makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by
me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin
through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day
incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone
here... even if I've never met them, never talked to them, may never hear from them again... I know
you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for
steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been
dominated by sadists, or ignored by the apathetic. The few that had something to teach found us
willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make
use of a service already existing without paying for what could be dirt-cheap if it wasn't run by
profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after
knowledge... and you call us criminals. We exist without skin color, without nationality, without
religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat,
and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say
and think, not what they look like. My crime is that of outsmarting you, something that you will never

https://www.reddit.com/r/hacking/wiki/index/ 6/28
2025/2/19 上午11:13 hacking: security in practice

forgive me for.
Skip to main content
Create
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after
all, we're all alike.

~ The Conscience of a Hacker aka The Hacker Manifesto - Written on January 8, 1986

Malware

Viruses & Worms

Anna Kournikova
Blaster
Code Red
Conficker
ILOVEYOU virus
Melissa virus
Morris Worm
MyDoom
Santy
Slammer
Storm Worm
Stuxnet
WannaCry virus
Welchia

History

The Strange History of Ransomware

Hackers

Adrian Lamo - gained media attention for breaking into several high-profile computer networks,
including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was
best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for
leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks. reddit username
= /u/Adapt/
Albert Gonzales - an American computer hacker and computer criminal who is accused of
masterminding the combined credit card theft and subsequent reselling of more than 170 million card
and ATM numbers from 2005 to 2007: the biggest such fraud in history.
Andrew Auernheimer (known as Weev) - Went to jail for using math against AT&T website.
Barnaby Jack - was a New Zealand hacker, programmer and computer security expert. He was known
for his presentation at the Black Hat computer security conference in 2010, during which he exploited
two ATMs and made them dispense fake paper currency on the stage. Among his other most notable
works were the exploitation of various medical devices, including pacemakers and insulin pumps.
Benjamin Delpy - Mimikatz
DVD-Jon - He wrote the DeCSS software, which decodes the Content Scramble System used for DVD
licensing enforcement.

https://www.reddit.com/r/hacking/wiki/index/ 7/28
2025/2/19 上午11:13 hacking: security in practice

Eric Corley (known as Emmanuel Goldstein) - 2600

Skip to main content
Create
Gary McKinnon - a Scottish systems administrator and hacker who was accused in 2002 of perpetrating
the "biggest military computer hack of all time," although McKinnon himself states that he was merely
looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies
potentially useful to the public. 👽🛸
George Hotz aka geohot - "The former Facebook engineer took on the giants of the tech world by
developing the first iPhone carrier-unlock techniques," says Mark Greenwood, head of data science at
Netacea, "followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for
users to run their own code on locked-down hardware. George sparked an interest in a younger
generation frustrated with hardware and software restrictions being imposed on them and led to a new
scene of opening up devices, ultimately leading to better security and more openness."
Guccifer 2.0 - a persona which claimed to be the hacker(s) that hacked into the Democratic National
Committee (DNC) computer network and then leaked its documents to the media, the website
WikiLeaks, and a conference event.
Hector Monsegur (known as Sabu) - an American computer hacker and co-founder of the hacking
group LulzSec. He Monsegur became an informant for the FBI, working with the agency for over ten
months to aid them in identifying the other hackers from LulzSec and related groups.
Jacob Appelbaum - an American independent journalist, computer security researcher, artist, and
hacker. He has been employed by the University of Washington, and was a core member of the Tor
project, a free software network designed to provide online anonymity.
James Forshaw - one of the world's foremost bug bounty huners
Jeanson James Ancheta - On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person
to be charged for controlling large numbers of hijacked computers or botnets.
Jeremy Hammond - He was convicted of computer fraud in 2013 for hacking the private intelligence
firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in
prison.
John Draper - also known as Captain Crunch, Crunch or Crunchman (after the Cap'n Crunch breakfast
cereal mascot), is an American computer programmer and former legendary phone phreak.
Kevin Mitnick - Free Kevin
Kimberley Vanvaeck (known as Gigabyte) - a virus writer from Belgium known for a long-standing
dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley.
Vanvaeck wrote several viruses, including Quis, Coconut and YahaSux (also called Sahay). She also
created a Sharp virus (also called "Sharpei"), credited as being the first virus to be written in C#.
Lauri Love - a British activist charged with stealing data from United States Government computers
including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
Michael Calce (known as MafiaBoy) - a security expert from Île Bizard, Quebec who launched a series of
highly publicized denial-of-service attacks in February 2000 against large commercial websites,
including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
Mudge - Peiter C. Zatko, better known as Mudge, is a network security expert, open source
programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think
tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead
Cow.
Phineas Fisher - vigilante hacker god
PRAGMA - Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most
prolific credential stuffing tools available online.

https://www.reddit.com/r/hacking/wiki/index/ 8/28
2025/2/19 上午11:13 hacking: security in practice

Timothy McVeigh - While in high school McVeigh became interested in computers, and hacked into
Skip to main content
Createtaken from the
government computer systems on his Commodore 64 under the handle The Wanderer,
song by Dion DiMucci.

Hacking Groups

The 414s - The 414s were a group of computer hackers who broke into dozens of high-profile
computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center,
and Security Pacific Bank, in 1982 and 1983.
The Shadow Brokers - is a hacker group who first appeared in the summer of 2016. They published
several leaks containing hacking tools from the National Security Agency (NSA), including several zero-
day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus
software, and Microsoft products.[6] The Shadow Brokers originally attributed the leaks to the Equation
Group threat actor, who have been tied to the NSA's Tailored Access Operations unit.
Equation Group - The Equation Group, classified as an advanced persistent threat, is a highly
sophisticated threat actor suspected of being tied to the Tailored Access Operations (TAO) unit of the
United States National Security Agency (NSA).
Fancy Bear - Fancy Bear (also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky),
Sednit, Tsar Team (by FireEye) and STRONTIUM (by Microsoft)) is a Russian cyber espionage group.
Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the
Russian military intelligence agency GRU.

Software

Sub7
Back Orifice
Netbus
WinNuke
AOHell

Groups

LulzSec
Goatse Security
GNAA

Music
YTCracker
Crime of Curiosity by Amplitude Problem
Hairetsu
yung innanet
DualCore
Rekt Network - Cyberpunk Radio - Free 24/7 Live Streaming
Programming / Coding / Hacking music vol.18
Programming / Coding / Hacking music vol.17
Programming / Coding / Hacking music vol.16

https://www.reddit.com/r/hacking/wiki/index/ 9/28
2025/2/19 上午11:13 hacking: security in practice

24/7 lofi hip hop radio - beats to study/chill/relax

Skip to main content
Create
Concentration Programming Music
Concentration \ Programming Music 0100 (Part 4)
Chillstep Music for Programming / Cyber / Coding - length 2:08:38
Crime City Nights - Cyberpunk / Dark Synthwave - length 2:05:23
Cyberpunk 2077 Mix (Best of Cyber Electro) - length - 2:47:56
'Back To The 80's' | Best of Synthwave And Retro Electro Music Mix for 2 Hours | Vol. 9 - length - 2:01:56

Movies & TV
Movies

Blackhat
Hacker
Hackers - Watch for free
Kung Fury
Plastic
Sneakers
Snowden
Swordfish
Takedown
The Girl with the Dragon Tattoo
The Matrix
The Net
The Score
Three Days of the Condor
Tron
War Games

TV

Bugs - BBC TV series from 1995

Mr. Robot

Anime

Blame!
Ghost In The Shell

Tools
nmap - Port Scanner & Network Exploration Tool

Proxy services

https://www.reddit.com/r/hacking/wiki/index/ 10/28
2025/2/19 上午11:13 hacking: security in practice

Shifter - Over 50M+ IPs. Worldwide Coverage. Ultra Low Latencies. Unlimited Sessions.
Skip to main content
Create
IntenseProxy - Lightning Fast Residential Proxies. We provide authentic residential proxies with pool of
over 26 million IPS in 149 countries.
Webshare - Buy anonymous and private proxy servers. HTTP & SOCKS5 Proxy supported. IP
Authentication or Password Authentication available.
ProxyScrape - Free proxy lists. HTTP, Socks4 and Socks5 proxy lists updated 24/7.
Proxiware - High-speed residential proxies.
Oxylabs - Mobile proxies. Large and stable Mobile Proxy network with 20M+ IPs.
BitcoinProxy - residential proxies

CAPTCHA Solving Services

2captcha - 2Captcha is best reCAPTCHA solving serivce. Pay only for solved captchas. The server load
does not affect the price.
Anti Captcha - Captcha Solving Service. Bypass reCAPTCHA, FunCaptcha Arkose Labs, image captcha,
GeeTest, HCaptcha.
BypassCaptcha - BypassCaptcha.com is dedicated for captcha decoding since 2008. It runs 24x7x365
and it owns detailed statistics since the first day you start using it, and so no hidden fee.
DeathByCaptcha - With Death by Captcha you can solve any CAPTCHA. All you need to do is
implement our API, pass us your CAPTCHAs and we’ll return the text. It’s that easy!
EndCaptcha - 7 second solving times, guaranteed Speed. We have a Slowness Insurance and an Outage
Insurance.
NextCaptcha - NextCaptcha is a Captcha solver for recaptcha, hcaptcha, funcaptcha online Service.

VPNs
If you are gunna be hackin, use a VPN.

Free

CalyxVPN - CalyxVPN is an open-source VPN service The Calyx Institute offers as part of our non-profit
mission. Our VPN is free for everyone on the internet to use, thanks to the generous support of our
members.
RiseUp - Riseup offers Personal VPN service for censorship circumvention, location anonymization and
traffic encryption. To make this possible, it sends all your internet traffic through an encrypted
connection to riseup.net, where it then goes out onto the public internet. Unlike most other VPN
providers, Riseup does not log your IP address.

Paid

Mullvad - Mullvad is an open-source commercial VPN service based in Sweden.

XSS
XSS Filter Evasion Cheat Sheet
XSS cheatsheet Esp: for filter evasion

https://www.reddit.com/r/hacking/wiki/index/ 11/28
2025/2/19 上午11:13 hacking: security in practice

XSS Vectors Cheat Sheet

Skip to main content
Create
/r/xss

Forums
Popular forums in the hacking scene.

HackForums (EN)
BlackHatWorld (EN)
RaidForums (EN) - RIP. Seized by the FBI in Feb 2022
Breached.vc (EN) - RIP. Seized by the FBI in March 2023.
BreachForums.cx (EN) - RIP. Seized by the FBI in May 2024.
BreachForums.st (EN)
OGUsers (EN)
SentryMBA (EN)
Nulled (EN) - RIP. Seized by the FBI in Jan 2025
UnKnoWnCheaTs (EN)
MPGH (EN)
Cracked.to (EN) - RIP. Seized by the FBI in Jan 2025
XSS (EN/RU)
Antichat (RU)
Exploit.in (RU)
BHF (RU)
FuckAV (RU)
Korovka (RU)
RUSdot (RU)
RAMP (RU)

CTFs
New to CTFs

If you know nothing about CTFs or this is your first attempt at doing a CTF, it is suggested you read over the
Awesome CTF list first.

If you are brand new to hacking or CTFs, we recommend making accounts on TryHackMe, HackTheBox, and
LearnCyber.

They are both free platforms.

Go through the courses and info and get through the basics and foundational knowledge. These will prepare
you for the world of hacking and CTFs.

What is a CTF?

https://www.reddit.com/r/hacking/wiki/index/ 12/28
2025/2/19 上午11:13 hacking: security in practice

CTF stands for Capture The Flag, a style of hacking event where you have one goal: hack in and find the flag.
Skip to main content
Create
Flags are placed in various locations -- they might be in a file, in the database, stuck into source code, or
otherwise -- and your goal is to hunt them all down.

CTF for Beginners

Bandit - The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able
to play other wargames.
316ctf - Welcome to 316ctf! This FREE persistent and growing Capture-the-Flag game is intended for
middle school students, high school students, and anybody else interested in learning technical skills in
cybersecurity. There are currently 165+ challenges ready for you.

Popular CTFs

TryHackMe - TryHackMe is a free online platform for learning cyber security, using hands-on exercises
and labs, all through your browser!
Hack The Box - Hack The Box is an online platform allowing you to test your penetration testing skills
and exchange ideas and methodologies with thousands of people in the security field. Click below to
hack our invite challenge, then get started on one of our many live machines or challenges.
Hacker101 CTF - The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding
environment. Hacker101 is a free educational site for hackers, run by HackerOne. This CTF is another
integral component in our plans to make the world a better place, one bug at a time.
Root Me CTF - Improve your hacking skills in a realistic environment where the goal is to fully
compromise, « root » the host!
Hack This Site - Hack This Site is a free, safe and legal training ground for hackers to test and expand
their hacking skills. More than just another hacker wargames site, we are a living, breathing community
with many active projects in development, with a vast selection of hacking articles and a huge forum
where users can discuss hacking, network security, and just about everything. Tune in to the hacker
underground and get involved with the project.
Hack This! - Want to learn about hacking and network security? Discover how hacks, dumps and
defacements are performed and secure your website against hackers with HackThis!!
OverTheWire - is a brilliant beginner resource. It gets you used to Linux, teaches you about a range of
different tools, technologies, protocols etc. Even at the beginning at the challenge it points you in the
right direction if you are unsure. This has definitely helped me in more advanced CTF challenges.
picoCTF - is very good for learning a wide range of skills or just practicing old ones. It includes reverse
engineering, binary exploitation, web hacking and more. There is also a great number of walkthroughs
online for each challenge should you need to view them.
Vulnhub - Vulnhub is a popular platform that hosts good boot2root vm's that range in difficulty. These
too have a lot of online walkthroughs in case you need them.
The National Cyber League - The National Cyber League (NCL) is a biannual cybersecurity competition
for high school and college students. The competition consists of a series of challenges that allows
students to demonstrate their ability to identify hackers from forensic data, break into vulnerable
websites, recover from ransomware attacks, and more

Want to talk about CTFs or techniques? Check out /r/securityCTF.

Want to make your own CTF? Check out ctfd.

https://www.reddit.com/r/hacking/wiki/index/ 13/28
2025/2/19 上午11:13 hacking: security in practice

Education
Skip to main content
Create
Classes (Free and Paid)

pwn.guide - Your guide to pwning stuff. Welcome to a place, where you can learn how to attack &
defend stuff by learning from tutorials, created by cybersecurity experts.
Udemy - Ethical Hacking
Udemy - Cyber Security
Udemy - Penetration Testing
Udemy - Kali Linux
Udemy - Metasploit
Cybrary - Free Hacking Training
Cybrary - ISC2 CISSP
Cybrary - WiFi Security: WEP, WPA, and WPA2
Cybrary - Ethical Hacking
HackerOne - Start Hacking

Certification Help

Professor Messer Videos

CompTIA Security+ Study Groups

CompTIA A+ Study Groups
CompTIA Network+ Study Groups

How To Guides & Tutorials

Tutorial: Is My Wireless Card Compatible?
Defeating a Laptop's BIOS Password
More coming soon

Videos
I'll Let Myself In: Tactics of Physical Pen Testers
You’re Probably Not Red Teaming... And Usually I’m Not, Either - SANS ICS 2018
BREAKING in BAD (I’m the one who doesn’t knock) - Jayson Street
DEFCON - The Full Documentary
DEF CON 17 - That Awesome Time I Was Sued For Two Billion Dollars
DEF CON 18 - Zoz - Pwned By The Owner: What Happens When You Steal A Hacker's Computer
DEF CON 18 - Chris Paget - Practical Cellphone Spying
DEF CON 19 - Deviant Ollam - Safe to Armed in Seconds
DEF CON 21 - ZOZ - Hacking Driverless Vehicles
DEF CON 22 - Metacortex and Grifter - Touring the Darkside of the Internet. An Introduction to Tor
DEF CON 22 - Deviant Ollam & Howard Payne - Elevator Hacking - From the Pit to the Penthouse
DEF CON 22 - Zoz - Don't Fuck It Up!
DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline

https://www.reddit.com/r/hacking/wiki/index/ 14/28
2025/2/19 上午11:13 hacking: security in practice

DEF CON 23 - Van Albert and Banks - Looping Surveillance Cameras through Live Editing
Skip to main content
Create
DEF CON 23 - Chris Rock - I Will Kill You
DEF CON 24 - Chris Rock - How to Overthrow a Government
DEF CON 24 - Weston Hecker - Hacking Hotel Keys and Point of Sale Systems
DEF CON 24 - int0x80 - Anti Forensics AF
DEF CON 25 - Roger Dingledine - Next Generation Tor Onion Services
DEF CON 26 - smea - Jailbreaking the 3DS Through 7 Years of Hardening

Reading
2600
Phrack

Podcasts
Darknet Diaries - Darknet Diaries produces audio stories specifically intended to capture, preserve, and
explain the culture around hacking and cyber security in order to educate and entertain both technical
and non-technical audiences.
Hacking Humans - Join Dave Bittner and Joe Carrigan each week as they look behind the social
engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a
heavy toll on organizations around the world.
Security Now - TechTV's Leo Laporte and I spend somewhat shy of two hours each week to discuss
important issues of personal computer security. Sometimes we'll discuss something that just happened.
Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we
endeavor to produce something interesting and important for every personal computer user.
Modem Mischief Podcast - Modem Mischief is a true cybercrime podcast. Created, produced and
hosted by Keith Korneluk.

Bug Bounty Programs

Get paid to discover vulnerabilities and security issues.

Bugcrowd
HackerOne
Zerodium
Facebook
Github
Google
Intel
Microsoft
HP
Mozilla

https://pentester.land/writeups/ - View past writeups on discovered bugs

https://www.reddit.com/r/hacking/wiki/index/ 15/28
2025/2/19 上午11:13 hacking: security in practice

Lawto main content

Skip
Create
Computer Fraud and Abuse Act (CFAA) - US - is a United States cybersecurity bill that was enacted in
1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in
the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without
authorization, or in excess of authorization. This is what the FBI is gunna use to bust your ass (or a
conspiracy or wire fraud charge) if you fuck around and get caught. Read up about it. If you are busted,
the FBI may pressure you into becoming a Confidential Human Source aka a snitch. Do not do it.
Lawyer up!
Computer Misuse Act 1990 - UK - 1990 is a key piece of legislation that criminalizes the act of
accessing or modifying data stored on a computer system without appropriate consent or permission.

OSINT
Bellingcat’s OSINT Toolkit
Geonames - Extremely useful for finding alternative names and co-ordinates of places.
Who Posted What - A search engine for Facebook, built by Henk Van Ess.
Twitter Advanced Search - An advanced search for Twitter, which also allows you to search by date.
Google Earth Pro - Much better than normal Google Maps, make sure to check out the historic imagery
function.
Guide To Using Reverse Image Search For Investigations
A Beginner’s Guide To Flight Tracking
How To Tell Stories: A Beginner’s Guide For Open Source Researchers
How To Use Google Earth’s Three Dimensional View: Feat. Syria, Yemen, Sudan
Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.
Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
chatter - chatter is a proof of concept osint monitoring telegram bot for windows (server, ideally) that
monitors tweet content, reddit submission titles and 4chan post content for specific keywords - as well
as phrases in quotation marks. it feeds content that is discovered to your telegram group in near real-
time depending on your configuration. this is an early beta release with limited features.
Sherlock - Hunt down social media accounts by username across social networks

Scanning
OpenDoor - OpenDoor OWASP is console multifunctional web sites scanner. This application find all
possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden
data and large backups.
Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster,
Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、
cansina、御剑。
dirhunt - Dirhunt is a web crawler optimize for search and analyze directories. This tool can find
interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory
listing is not enabled. It detects directories with false 404 errors, directories where an empty index file
has been created to hide things and much more.

https://www.reddit.com/r/hacking/wiki/index/ 16/28
2025/2/19 上午11:13 hacking: security in practice

Cracking
Skip to main content
Create
Need help cracking a password hash? Try posting the hash to /r/crackthis for help.

Beginner Tutorial YouTube Videos

Cracking PASSWORD HASHES

Hashcat Beginner's guide to cracking MD5 hashes with the Rockyou wordlist
How to use Hashcat on Windows 10
Cracking NTLM Hashes

ZIP & RAR files

How To Crack ZIP & RAR Files With Hashcat

Password Hacking | Cracking RAR & ZIP Files with Hashcat

Hashes

HashMob
Hash Killer
Crackstation
OnlineHashCrack
Hashes.com

Passwords

hashcat
HAT - HAT (Hashcat Automation Tool) - An Automated Hashcat Tool for common wordlists and rules to
speed up the process of cracking hashes during engagements. Created for Linux based systems
John The Ripper
SentryMBA
Open Bullet
SNIPR
CUPP - Common User Passwords Profiler

Password & Wordlists (HTTP/HTTPS) - working as of 2/2023

Probable Wordlists - Version 2.0 - Version 2 is live! Wordlists sorted by probability originally created for
password generation and testing - make sure your passwords aren't popular!
Real Passwords - These are REAL passwords.
Dictionary-Style Lists - Files including dictionaries, encyclopedic lists and miscellaneous. Wordlists in
this folder were not necessarily associated with the "password" label.
NetgearKiller.dict - my Netgear WPA dict
https://download.g0tmi1k.com/wordlists/wifi/
https://github.com/soxrok2212/PSKracker/tree/master/dicts
https://github.com/kennyn510/wpa2-wordlists
https://github.com/danielmiessler/SecLists/tree/master/Passwords

https://www.reddit.com/r/hacking/wiki/index/ 17/28
2025/2/19 上午11:13 hacking: security in practice

adjective_noun_3_digits_router.lst.gz - Some routers have this naming scheme. 4.1G

Skip to main content
Create
breachcompletion_no_emails.lst.gz - A long list of passwords from breaches with email pairs stripped.
1.3G.
super_wpa.lst.gz - WPA wifi wordlist. 4.3G.
more lists from the above source @ https://oxagast.org/wordlists/
https://wiki.skullsecurity.org/Passwords
https://github.com/xajkep/wordlists
https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt (~14,300,000
words)
https://github.com/dwyl/english-words/blob/master/words.txt (~466,000 words)
http://storage.aircrack-ng.org/users/PsycO/PsycOPacKv2.rar (1.4GB)
http://www.mediafire.com/file/9tf3n2d45tgktq1/Rocktastic12a.7z/file (1.37GB - Compressed)
https://crackstation.net/files/crackstation-human-only.txt.gz (4.2 GB)
https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
https://download.g0tmi1k.com/wordlists/large/
https://download.g0tmi1k.com/wordlists/large/sp00ks_merged_file_uniq.7z (2.7 GB - Compressed)
https://download.g0tmi1k.com/wordlists/large/10-million-combos.zip (8.8 GB)
https://download.g0tmi1k.com/wordlists/large/36.4GB-18_in_1.lst.7z (48.4 GB)
http://download1568.mediafire.com/yuh4jmehecwg/8oazhwqzexid771/WordlistBySheez_v8.7z (166.17
GB)

WPA/WPA2

Aircrack-ng - Aircrack-ng is a complete suite of tools to assess WiFi network security.

Cracking my first WPA2 password!
Cracking WPA/WPA2 with hashcat
Practical WPA2 Attacks on NETGEAR Routers

hashcat

Hashcat GPU benchmarking table for Nvidia & AMD (WPA2 hashes) - If you are planning to create a
cracking rig for research purposes check out GPU hashcat benchmark table below.
Hashcat Cheatsheet for OSCP
hashcat - Howtos, Videos, Papers, Articles, etc. in the wild

Google Dorks
Google Hacking Database

SQLi
sqlmap - Automatic SQL injection and database takeover tool
SQLi Dumper

https://www.reddit.com/r/hacking/wiki/index/ 18/28
2025/2/19 上午11:13 hacking: security in practice

Misc.
Skip to main content
Create
Make your own BadUSB

ATTINY85

How to:
https://macrosec.tech/index.php/2021/06/10/creating-bad-usb/
Scripts:
https://github.com/CedArctic/DigiSpark-Scripts
https://github.com/MTK911/Attiny85/tree/master/payloads

Hacker Gift Ideas

We frequently have posts from users asking what they can buy for their significant other, family, or friend.
Below is a list of some simple gift ideas.

Stickers

Stickers are like currency in the hacking world, you can never go wrong there!

https://neatstickersco.etsy.com (you can use promo code REDDIT for 5% off) - hacking & cybersecurity
related stickers
https://www.etsy.com/shop/TheGarbageFile
https://www.etsy.com/shop/hackerculture

Devices

FlipperZero - https://flipperzero.one
Raspberry Pis - https://www.raspberrypi.com
ATTINY85
BadUSB
O.MG Cable - https://shop.hak5.org/products/omg-cable
USB Killer - https://usbkill.com
Arduino - https://www.arduino.cc

Clothing

https://dustrial.net
https://www.vx-underwear.org/ - all proceeds are split between the artist and vx-underground.

Misc.

Hak5 - https://shop.hak5.org

Useful Github Resources

Awesome Lists

Awesome OSINT - A curated list of amazingly awesome OSINT

https://www.reddit.com/r/hacking/wiki/index/ 19/28
2025/2/19 上午11:13 hacking: security in practice

Awesome Malware Analysis - A curated list of awesome malware analysis tools and resources.
Skip to main content
Create
Awesome CTF - A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and
tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to
CTFs at one place.
Awesome Hacking - A curated list of awesome Hacking.
Awesome Honeypots - A curated list of awesome honeypots, plus related components and much more,
divided into categories such as Web, services, and others, with a focus on free and open source
projects.
Awesome Incident Response - A curated list of tools and resources for security incident response,
aimed to help security analysts and DFIR teams.
Awesome Vehicle Security - curated list of awesome resources, books, hardware, software, applications,
people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the
functionality of your car.
Awesome Web Security - Curated list of Web Security materials and resources.
Awesome Lockpicking - A curated list of awesome guides, tools, and other resources relating to the
security and compromise of locks, safes, and keys.
Awesome Cybersecurity Blue Team - A collection of awesome resources, tools, and other shiny things
for cybersecurity blue teams.
Awesome AppSec - A curated list of resources for learning about application security. Contains books,
websites, blog posts, and self-assessment quizzes.
Awesome Security - A collection of awesome software, libraries, documents, books, resources and cool
stuff about security.
Awesome Pentest - A collection of awesome penetration testing resources, tools and other shiny things

Cracking & Bruteforce & Scanning

Subdomain bruteforce - a subdomain brute forcing tool for windows

Instashell - Multi-threaded Instagram Brute Forcer without password limit
Nuclei - a fast tool for configurable targeted scanning based on templates offering massive extensibility
and ease of use.
gobuster - Gobuster is a tool used to brute-force: URLs, DNS, Vhosts, Amazon s3 buckets, Google
Cloud buckets, and TFTP servers.
getallurls aka gau - getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the
Wayback Machine, Common Crawl, and URLScan for any given domain. Inspired by Tomnomnom's
waybackurls.
subfinder - subfinder is a subdomain discovery tool that returns valid subdomains for websites, using
passive online sources. It has a simple, modular architecture and is optimized for speed. subfinder is
built for doing one thing only - passive subdomain enumeration, and it does that very well.
ffuf - A fast web fuzzer written in Go.

WordPress

WPScan - WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written
for security professionals and blog maintainers to test the security of their WordPress websites. Can be
used to discover usernames and bruteforce logins.
WordPress Exploit Framework - WPXF. A Ruby framework designed to aid in the penetration testing of
WordPress systems.

https://www.reddit.com/r/hacking/wiki/index/ 20/28
2025/2/19 上午11:13 hacking: security in practice

CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other
Skip to main content
CMSs Create

Remote Administration & Payloads

pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration
and post-exploitation tool mainly written in python
BYOB (Build Your Own Botnet) - BYOB is an open-source project that provides a framework for security
researchers and developers to build and operate a basic botnet to deepen their understanding of the
sophisticated malware that infects millions of devices every year and spawns modern botnets, in order
to improve their ability to develop counter-measures against these threats.
QuasarRAT - Free, Open-Source Remote Administration Tool for Windows
SillyRAT - A Cross Platform multifunctional (Windows/Linux/Mac) RAT.
TheFatRat - TheFatRat is an exploiting tool which compiles a malware with famous payload, and then
the compiled maware can be executed on Linux , Windows , Mac and Android. TheFatRat Provides An
Easy way to create Backdoors and Payload which can bypass most anti-virus.
Powershell RAT - This RAT will help someone during red team engagements to backdoor any Windows
machines. It tracks the user activity using screen capture and sends the information to an attacker as an
e-mail attachment.
Remcos - Remcos is a lightweight, fast and highly customizable Remote Administration Tool with a wide
array of functionalities.

CTI

OpenCTI - an open source platform allowing organizations to manage their cyber threat intelligence
knowledge and observables. It has been created in order to structure, store, organize and visualize
technical and non-technical information about cyber threats.

Red Team

Antivirus Evasion - Various Antivirus evasion tools

UACMe - Defeating Windows User Account Control by abusing built-in Windows AutoElevate
backdoor.
Genesis Scripting Engine (gscript) - framework to rapidly implement custom droppers for all three
major operating systems
SlackPirate - This is a tool developed in Python which uses the native Slack APIs to extract 'interesting'
information from a Slack workspace given an access token.
Empire - Empire 3.0 is a PowerShell and Python 3.x post-exploitation framework.
https://github.com/RoseSecurity/Red-Teaming-TTPs
seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety
checks" relevant from both offensive and defensive security perspectives.
Impacket - Impacket is a collection of Python classes for working with network protocols. Impacket is
focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-
3 and MSRPC) the protocol implementation itself.
Sliver - Sliver is an open source cross-platform adversary emulation/red team framework, it can be used
by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS
(mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric
encryption keys.

https://www.reddit.com/r/hacking/wiki/index/ 21/28
2025/2/19 上午11:13 hacking: security in practice

Maldocs
Skip to main content
Create
MacroPack - is a tool used to automatize obfuscation and generation of retro formats such as MS
Office documents or VBS like format. It also handles various shortcuts formats. This tool can be used for
red teaming, pentests, demos, and social engineering assessments. MacroPack will simplify antimalware
solutions bypass and automatize the process from vb source to final Office document or other payload
type.

Phishing

Gophish - Open-Source Phishing Toolkit

SocialFish - Educational Phishing Tool & Information Collector
Evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along
with session cookies, allowing for the bypass of 2-factor authentication
Modlishka - Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and
interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy
multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of
installing any additional certificate on the client. What does this exactly mean? In short, it simply has a
lot of potential, that can be used in many use case scenarios.
BlackPhish - Super lightweight with many features and blazing fast speeds.
The Social Engineer Toolkit (SET) - The Social-Engineer Toolkit is an open-source penetration testing
framework designed for social engineering. SET has a number of custom attack vectors that allow you
to make a believable attack quickly.
Muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-
phishing activities.

Routers

RouterSploit - The RouterSploit Framework is an open-source exploitation framework dedicated to

embedded devices.

Wifi

Fluxion - MITM WPA attack toolset

howmanypeoplearearound - Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡
Wifiphisher - The Rogue Access Point Framework
wifite2 - Rewrite of the popular wireless network auditor, "wifite"
wifijammer - Continuously jam all wifi clients and access points within range. The effectiveness of this
script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block
radius with heavy access point saturation. Granularity is given in the options for more effective
targeting.
hashcatch - Capture handshakes of nearby WiFi networks automatically
pwnagotchi - Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi
Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key
material it captures (either through passive sniffing or by performing deauthentication and association
attacks). This material is collected on disk as PCAP files containing any form of handshake supported by
hashcat, including full and half WPA handshakes as well as PMKIDs.
bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM
attacks.

https://www.reddit.com/r/hacking/wiki/index/ 22/28
2025/2/19 上午11:13 hacking: security in practice

Wifipumpkin3 - wifipumpkin3 is powerful framework for rogue access point attack, written in Python,
Skip to main content
that allow and offer to security researchers, red teamers and reverse engineers to Create
mount a wireless
network to conduct a man-in-the-middle attack.

Shells

RevShells - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding,
MSFVenom Generator, and Raw Mode. Great for CTFs.
ShellPop
Reverse Shell Cheat Sheet
PHP Webshells - Common PHP shells is a collection of PHP webshells that you may need for your
penetration testing (PT) cases or in a CTF challenge.
Webshells - This is a webshell collection project. This project covers various common scripts such as:
asp, aspx, php, jsp, pl, py
Lazypariah - A tool for generating reverse shell payloads on the fly

Internet of Things

Cotopaxi - Set of tools for security testing of Internet of Things devices using protocols: AMQP, CoAP,
DTLS, HTCPCP, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP.

Ransomware

Demonware - Ransomware, made for a demo on ransomware awareness and how easy it is to do.
Encrypt every file in your Home and send the key to a remote server.

Misc.

LaZagne - The LaZagne project is an open source application used to retrieve lots of passwords stored
on a local computer. Each software stores its passwords using different techniques (plaintext, APIs,
custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these
passwords for the most commonly-used software
Lazy script
Sonar.js - A framework for identifying and launching exploits against internal network hosts. Works via
WebRTC IP enumeration, WebSocket host scanning, and external resource fingerprinting.
GTFOBins - is a curated list of Unix binaries that can be used to bypass local security restrictions in
misconfigured systems.
bedevil / bdvl - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Organizations
The Tor Project
Electronic Frontier Foundation
TOOOL - The Open Organisation Of Lockpickers

Operating Systems

Privacy

https://www.reddit.com/r/hacking/wiki/index/ 23/28
2025/2/19 上午11:13 hacking: security in practice

Tails - The Amnesic Incognito Live System. Tails is a live system that aims to preserve your privacy and
Skip to main content
anonymity. It helps you to use the Internet anonymously and circumvent censorship Create
almost anywhere
you go and on any computer but leaving no trace unless you ask it to explicitly.
Whonix - A High Security Method of Surfing the Internet. Whonix is a desktop operating system
designed for advanced security and privacy.
QubesOS - Qubes is a security-oriented, free and open-source operating system for personal
computers that allows you to securely compartmentalize your digital life.

Pentesting

Kali Linux - /r/KaliLinux - a Debian-derived Linux distribution designed for digital forensics and
penetration testing.
Parrot OS - /r/ParrotOS - a Linux distribution based on Debian with a focus on computer security. It is
designed for penetration testing, vulnerability assessment and mitigation, computer forensics and
anonymous web browsing.
BlackArch - an Arch Linux-based penetration testing distribution for penetration testers and security
researchers.

Hosting

Debian - The Universal Operating System

FreeBSD - FreeBSD is an operating system used to power modern servers, desktops, and embedded
platforms.
Ubuntu - Ubuntu is an open source software operating system that runs from the desktop, to the
cloud, to all your internet connected things.
Fedora - Fedora creates an innovative, free, and open source platform for hardware, clouds, and
containers that enables software developers and community members to build tailored solutions for
their users.
CentOS - a Linux distribution that provides a free, enterprise-class, community-supported computing
platform functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
Windows Server 2019

Android

LineageOS - /r/lineageos - A free and open-source operating system for various devices, based on the
Android mobile platform.
GrapheneOS - /r/GrapheneOS - GrapheneOS is a privacy and security focused mobile OS with Android
app compatibility.

Misc.

Mint - Linux Mint is an elegant, easy to use, up to date and comfortable GNU/Linux desktop
distribution.
Rasberrian - Raspbian is a free operating system based on Debian optimized for the Raspberry Pi
hardware.

RSS Feeds
Credit to u/PM_ME_YOUR_SHELLCODE

https://www.reddit.com/r/hacking/wiki/index/ 24/28
2025/2/19 上午11:13 hacking: security in practice

Technical Blogs
Skip to main content
Create
nedwill’s security blog - https://nedwill.github.io/blog/feed.xml (https://nedwill.github.io/blog/)
Realmode Labs - Medium - https://medium.com/feed/realmodelabs
(https://medium.com/realmodelabs)
Hanno's blog - https://blog.hboeck.de/feeds/index.rss2 (https://blog.hboeck.de/)
Active Directory Security - https://adsecurity.org/?feed=rss2 (https://adsecurity.org)
Mogozobo - https://www.mogozobo.com/?feed=rss2 (https://www.mogozobo.com)
Jump ESP, jump! - https://jumpespjump.blogspot.com/feeds/posts/default
(https://jumpespjump.blogspot.com/)
Carnal0wnage & Attack Research Blog - http://carnal0wnage.attackresearch.com/feeds/posts/default
(http://carnal0wnage.attackresearch.com/)
gynvael.coldwind//vx.log (pl) - http://feeds.feedburner.com/GynvaelColdwindPL
(https://gynvael.coldwind.pl/)
Raelize - https://raelize.com/posts/index.xml (https://raelize.com/posts/)
DigiNinja - https://digi.ninja/rss.xml (https://digi.ninja/rss.xml)
enigma0x3 - https://enigma0x3.net/feed/ (https://enigma0x3.net)
Randy Westergren - https://randywestergren.com/feed/ (https://randywestergren.com)
ZeroSec - Adventures In Information Security - https://blog.zsec.uk/rss/ (https://blog.zsec.uk/)
Max Justicz - https://justi.cz/feed.xml (https://justi.cz)
Blog of Osanda - https://osandamalith.com/feed/ (https://osandamalith.com)
ADD / XOR / ROL - http://addxorrol.blogspot.com/feeds/posts/default (http://addxorrol.blogspot.com/)
Intercept the planet! - https://intercepter-ng.blogspot.com/feeds/posts/default (https://intercepter-
ng.blogspot.com/)
The Exploit Laboratory - https://blog.exploitlab.net/feeds/posts/default (https://blog.exploitlab.net/)
Linux Audit - https://linux-audit.com/feed/ (https://linux-audit.com)
markitzeroday.com - https://markitzeroday.com/feed.xml (https://markitzeroday.com/)
The Human Machine Interface - https://h0mbre.github.io/feed.xml (https://h0mbre.github.io/)
Trail of Bits Blog - https://blog.trailofbits.com/feed/ (https://blog.trailofbits.com)
F-Secure Labs - https://labs.f-secure.com/blog/rss.xml (https://labs.f-secure.com/blog/)
Exodus Intelligence - https://blog.exodusintel.com/feed/ (https://blog.exodusintel.com)
Diary of a reverse-engineer - https://doar-e.github.io/feeds/rss.xml (https://doar-e.github.io/)
Sean Heelan's Blog - https://sean.heelan.io/feed/ (https://sean.heelan.io)
Alex Chapman's Blog - https://ajxchapman.github.io/feed.xml (https://ajxchapman.github.io/)
MKSB(en) - https://mksben.l0.cm/feeds/posts/default?alt=rss (https://mksben.l0.cm/)
pi3 blog - http://blog.pi3.com.pl/?feed=rss2 (http://blog.pi3.com.pl)
Mozilla Attack & Defense - https://blog.mozilla.org/attack-and-defense/feed/
(https://blog.mozilla.org/attack-and-defense)
Doyensec's Blog - https://blog.doyensec.com/atom.xml (https://blog.doyensec.com//)
TRIOX - https://trioxsecurity.com/feed/ (https://trioxsecurity.com)
secret club - https://secret.club/feed.xml (https://secret.club/)
Va_start's Vulnerability Research - https://blog.vastart.dev/feeds/posts/default
(https://blog.whtaguy.com/)

https://www.reddit.com/r/hacking/wiki/index/ 25/28
2025/2/19 上午11:13 hacking: security in practice

Revers.engineering - https://revers.engineering/feed/ (https://revers.engineering)

Skip to main content
Create
phoenhex team - https://phoenhex.re/feed.xml (https://phoenhex.re/)
Rhino Security Labs - https://rhinosecuritylabs.com/feed/ (https://rhinosecuritylabs.com)
Zero Day Initiative - Blog - https://www.zerodayinitiative.com/blog?format=rss
(https://www.thezdi.com/blog/)
BlackArrow - https://www.blackarrow.net/feed/ (https://www.blackarrow.net)
PortSwigger Research - https://portswigger.net/research/rss (https://portswigger.net/research)
Praetorian Security Blog - https://www.praetorian.com/blog/rss.xml (https://www.praetorian.com)
research.securitum.com - https://research.securitum.com/feed/ (https://research.securitum.com)
Project Zero - http://googleprojectzero.blogspot.com/feeds/posts/default
(https://googleprojectzero.blogspot.com/)
Corelan Team - https://www.corelan.be/index.php/feed/ (https://www.corelan.be)
NCC Group Research - https://research.nccgroup.com/feed/ (https://research.nccgroup.com)
Zeta-Two.com - https://zeta-two.com/feed.xml (https://zeta-two.com/)
Grsecurity Blog RSS Feed - https://grsecurity.net/blog.rss (https://www.grsecurity.net/blog.rss)
Positive Technologies - learn and secure -
http://feeds.feedburner.com/positiveTechnologiesResearchLab (http://blog.ptsecurity.com/)
Alexander Popov - https://a13xp0p0v.github.io/feed.xml (https://a13xp0p0v.github.io/)
Windows Internals Blog - https://windows-internals.com/feed/ (https://windows-internals.com)
Tyranid's Lair (James Foreshaw) - https://www.tiraniddo.dev/feeds/posts/default
(https://www.tiraniddo.dev/)

Less Technical Blogs

anti-virus rants - http://feeds.feedburner.com/Anti-virusRants (http://anti-virus-rants.blogspot.com/)

Secureworks Blog - https://www.secureworks.com/rss?feed=blog (https://www.secureworks.com/blog)
Microsoft Security Response Center - https://msrc-blog.microsoft.com/feed/ (https://msrc-
blog.microsoft.com)
ColbaltStrike Blog - https://blog.cobaltstrike.com/feed/ (https://blog.cobaltstrike.com)
CERT Blogs - https://insights.sei.cmu.edu/cert/atom.xml (https://insights.sei.cmu.edu/cert/)
xorl %eax, %eax - https://xorl.wordpress.com/feed/ (https://xorl.wordpress.com)
TRUESEC Blog - https://blog.truesec.com/feed/ (https://blog.truesec.com)
The Daily Swig - https://portswigger.net/daily-swig/rss (https://portswigger.net/daily-swig)
(IN)SECURE Magazine Notifications RSS - http://feeds.feedburner.com/insecuremagazine
(http://www.insecuremag.com)
Unit42 - http://feeds.feedburner.com/Unit42 (https://unit42.paloaltonetworks.com)
r2c website - https://r2c.dev/rss.xml (https://r2c.dev)
BREAKDEV - https://feeds.feedburner.com/breakdev (https://breakdev.org/)
Deeplinks - https://www.eff.org/rss/updates.xml (https://www.eff.org/rss/updates.xml)
SANS Internet Storm Center, InfoCON: green - https://isc.sans.edu/rssfeed_full.xml (https://isc.sans.edu)
NotSoSecure - https://notsosecure.com/feed/ (https://notsosecure.com)
TrustedSec - https://www.trustedsec.com/feed/ (https://www.trustedsec.com)
Microsoft Security - https://www.microsoft.com/security/blog/feed/
(https://www.microsoft.com/security/blog)

https://www.reddit.com/r/hacking/wiki/index/ 26/28
2025/2/19 上午11:13 hacking: security in practice

Zimperium Mobile Security Blog - https://blog.zimperium.com/feed/ (https://blog.zimperium.com)

Skip to main content
Create
Bugcrowd - https://www.bugcrowd.com/feed/ (https://www.bugcrowd.com)
codeblog - https://outflux.net/blog/feed/ (https://outflux.net/blog)
Google Online Security Blog - https://security.googleblog.com/feeds/posts/default
(http://security.googleblog.com/)
Mozilla Security Blog - https://blog.mozilla.org/security/feed/ (https://blog.mozilla.org/security)
HackerOne - https://www.hackerone.com/blog.rss (https://www.hackerone.com/)
Rendition Infosec - https://blog.renditioninfosec.com/feed/ (https://blog.renditioninfosec.com)
Check Point Research - https://research.checkpoint.com/feed/ (https://research.checkpoint.com)
Offensive Security - https://www.offensive-security.com/feed/ (https://www.offensive-security.com)
Rapid7 Blog - https://blog.rapid7.com/rss/ (https://blog.rapid7.com/)

Social

newest submissions : ExploitDev - https://www.reddit.com/r/exploitdev/new.rss

(https://www.reddit.com/r/exploitdev/new)
disclose.io - Latest topics - https://community.disclose.io/latest.rss
(https://community.disclose.io/latest)
newest submissions : netsec - https://www.reddit.com/r/netsec/new.rss
(https://www.reddit.com/r/netsec/new)
newest submissions : websecurityresearch - https://www.reddit.com/r/websecurityresearch/new.rss
(https://www.reddit.com/r/websecurityresearch/new)
newest submissions : ReverseEngineering - https://www.reddit.com/r/ReverseEngineering/new.rss
(https://www.reddit.com/r/ReverseEngineering/new)
newest submissions : lowlevel - https://www.reddit.com/r/lowlevel/new.rss
(https://www.reddit.com/r/lowlevel/new)

News

Wired - Security Latest - https://www.wired.com/feed/category/security/latest/rss

(https://www.wired.com/category/security/latest)
News ≈ Packet Storm - https://rss.packetstormsecurity.com/news/ (https://packetstormsecurity.com/)
Naked Security - https://nakedsecurity.sophos.com/feed (https://nakedsecurity.sophos.com)
The Hacker News - http://www.thehackernews.com/feeds/posts/default (https://thehackernews.com/)
ZDNet - Security - http://www.zdnet.com/topic/security/rss.xml (https://www.zdnet.com/)
Ars Technica - http://feeds.arstechnica.com/arstechnica/index/ (https://arstechnica.com)
Threatpost | The first stop for security news - http://threatpost.com/feed/ (https://threatpost.com)
Krebs on Security - http://krebsonsecurity.com/feed/atom/ (https://krebsonsecurity.com)
Dark Reading: - http://www.darkreading.com/rss_simple.asp (https://www.darkreading.com)
BleepingComputer - http://www.bleepingcomputer.com/feed/ (https://www.bleepingcomputer.com/)

Research

arXiv Crypto and Security Papers - http://export.arxiv.org/api/query?

search_query=cat:cs.CR&sortBy=submittedDate&sortOrder=descending&max_results=50
IACR Transactions on Cryptographic Hardware and Embedded Systems -
https://tches.iacr.org/index.php/TCHES/gateway/plugin/WebFeedGatewayPlugin/atom
https://www.reddit.com/r/hacking/wiki/index/ 27/28
2025/2/19 上午11:13 hacking: security in practice

(https://tches.iacr.org/index.php/TCHES)
Create
Full Disclosure - http://seclists.org/rss/fulldisclosure.rss (http://seclists.org/#fulldisclosure)
Files ≈ Packet Storm - https://rss.packetstormsecurity.com/files/ (https://packetstormsecurity.com/)

Related Subs
Hacking Malware & RE Security Misc.

/r/HowToHack /r/malware /r/netsec /r/pwned

/r/blackhat /r/ReverseEngineering /r/security /r/privacy

/r/asknetsec /r/computerforensics /r/infosec /r/Piracy

/r/lockpicking /r/REMath /r/websec /r/Tor

/r/defcon /r/rootkit /r/physec /r/onions

/r/SocialEngineering /r/LinuxMalware /r/opsec /r/cyberpunk

/r/xss /r/Antivirus /r/OperationsSecurity /r/ActLikeYouBelong

/r/antiforensics /r/memoryforensics - /r/i2p

/r/CarHacking/ - - -

Tech Jobs Learning Crypto

/r/sysadmin /r/ITCareerQuestions /r/CompTIA /r/crypto

/r/linuxadmin /r/sysadminjobs /r/netsecstudents /r/cryptography

/r/devops - - /r/encryption

/r/K12Sysadmin - - /r/gpgpractice

/r/HigherEDsysadmin - - /r/codes

/r/programming /r/workreform - -

- - - -

- - - -

Last revised by intelw1zard 20 days ago

https://www.reddit.com/r/hacking/wiki/index/ 28/28