r/Hacking_Tutorials

3,800 internal GitHub repositories. Gone. Not because of some nation-state zero day. Not because of a sophisticated multi-stage intrusion. Because somebody installed a sketchy VS Code extension.

This is the company that hosts the world's code. The platform security teams trust with their most sensitive internal projects. Taken down by the same threat vector we've been warning about since 2023.

TeamPCP has now hit Trivy, Checkmarx, Bitwarden CLI, TanStack and GitHub itself, all in the same year, all through developer tooling. They have a literal worm that automates the whole thing by stealing CI/CD credentials and self propagating through the supply chain. It's not complicated. It's just targeting the one place nobody looks.

And before that GitHub had a critical RCE vuln where any authenticated user could run arbitrary code on their servers with a git push. Like a normal everyday git push.

Hot take: the biggest security liability at most companies right now isn't your infra. It's your developers' laptops and nobody wants to have that conversation because devs push back hard on endpoint controls.

How many extensions do you have installed right now? Do you actually know what half of them do?

reddit.com

u/dondusi — 1 day ago

▲ 162 r/Hacking_Tutorials+5 crossposts

I built a free alternative to Epieos [pip install mailaccess]

Tired of paying $99/month for email OSINT. Built my own.

Checks 800+ platforms, breach exposure, infostealer logs, DNS/WHOIS, the works. But the part I'm actually proud of: instead of dumping a raw hit list, it builds an identity graph and tells you *why* something is high confidence, shared username, same avatar, matching display name across platforms. No other free tool does this.

Exports to STIX 2.1, Maltego, JSON, PDF. Pipeline-ready too.

pip install mailaccess

mailaccess investigate email@example.com

https://github.com/KatrielMoses/MailAccess

fully open source, happy to answer questions.

u/LockInternational893 — 2 days ago

▲ 8 r/Hacking_Tutorials+1 crossposts

Cybersecurity Challenge

My professor gave us a cybersecurity challenge in class. He provided the local IP address of a machine on our school network and said there’s a file containing a password somewhere on the PC. The goal is to learn about enumeration and network security, not to damage anything.

I’m a beginner in cybersecurity and I’d like to know what concepts or tools I should study to approach this kind of challenge in a legal and educational way.

What would be the first steps for reconnaissance and understanding what services are running on the target machine?

reddit.com

u/Johnnasz — 1 day ago

▲ 0 r/Hacking_Tutorials+1 crossposts

Free geometry dash for iPhone

I had an Android phone and I played the game without any problems for free, but now that I bought an iPhone and it asks for money to buy it, I can't get it from Google because my phone doesn't allow installations from Google. How can I unlock it and play the game for free?

u/mitselogloudim — 1 day ago

▲ 0 r/Hacking_Tutorials

Leaked

Can anyone tell me links where I can find leaked military data, maps, classified documents, images, videos?

reddit.com

u/Sweet_Wonder6755 — 2 days ago

▲ 1 r/Hacking_Tutorials

Why is this showing ?Need help!

Hello everyone, I need help on this.

I was following a video of david bombal 'rootless install kali linux on android'

As the tutorial shown ,I installed termux from github ,

Typed the package update command ,wget install nethunter, chmod , and .install nethunter

Then there was a command shown that skip some downloading file I think, didn't took any screen shot so that you guys understand what I was talking about , and then this came I just Typed nh, and nethunter but this error shows.

Currently I am on android 14.

Kindly help me to properly install kali nethunter on my phone rootless.

u/tivreke_28-rifat — 2 days ago

▲ 0 r/Hacking_Tutorials

Need Urgent Help!

Hi everyone, I need urgent help. Someone has been monitoring my screen, and I don't know where to look to fix it. Is there anything I can do to stop this and potentially see the perpetrator's device?

reddit.com

u/AdSalt1979 — 2 days ago

▲ 161 r/Hacking_Tutorials

L0p4Map - Cybersecurity network tool

𝗟𝟬𝗽𝟰𝗠𝗮𝗽 — Network monitoring, real topology visualization & traffic analysis tool with full nmap integration

GitHub: https://github.com/HaxL0p4/L0p4Map

---

𝗪𝗵𝗮𝘁 𝗟𝟬𝗽𝟰𝗠𝗮𝗽 𝗗𝗼𝗲𝘀

>L0p4Map combines high-speed ARP discovery, deep device fingerprinting, full nmap integration, real network topology mapping, and real-time traffic analysis into a single dark professional interface. It scans local networks and custom targets, fingerprints each host via TTL, TCP port probing and raw SNMP queries, classifies devices by role (gateway, router, AP, switch, PC, mobile, VM, Raspberry Pi...), and builds an authentic hierarchical topology graph — not just a pretty star diagram, but a technically accurate representation of how devices are structured, connected and exposed.

---

𝗙𝗲𝗮𝘁𝘂𝗿𝗲𝘀

ARP Network Scan — fast host discovery with local IEEE OUI database lookup
Hostname Resolution — multi-method: reverse DNS, NetBIOS (Windows), mDNS/Avahi (Linux, Mac, IoT)
Device Fingerprinting — TTL-based OS hint, TCP probing on topology-relevant ports (BGP, Winbox, Zebra, SNMP...), raw SNMP sysDescr query without external libraries
Role Detection — each host automatically classified as gateway, router, access point, switch, PC, Apple, mobile, Raspberry Pi or VM — combining vendor, hostname, TTL, open ports and SNMP response
Real Network Topology Graph — hierarchical vis.js graph reflecting the actual network structure: internet → gateway → intermediates (routers/APs/switches) → clients grouped under their parent node. Toggleable between Hierarchical and Force Atlas layouts
Subnet Bounding Boxes — each subnet drawn as a labeled dashed overlay directly on the graph canvas
Typed Edges — three visually distinct link types: uplink, backbone, client link
Full nmap Integration — SYN scan, UDP, OS detection, service version, NSE scripts
Banner Grabbing — HTTP, SMB, FTP, SSH, SSL enumeration
Vulnerability Detection — CVE lookup via vulners, vuln and malware scripts
Attack Surface — per-host view of exposed services, open ports and CVEs with CVSS scoring and direct NVD links; exportable as CSV
Traffic Analyzer — real-time packet capture with per-device stats, protocol coloring, filter bar, double-click to send IP directly to port scan; exportable as CSV
Traceroute — ICMP-based with real-time output
Interface Selection — choose which network interface to scan on
Live Monitoring — auto-refresh the topology graph at configurable intervals (30s / 60s / 120s)
Scan / Graph Export — nmap output to .txt, topology as CSV or PNG
Custom Node Labels — double-click any node on the graph to assign a custom name
Dark Professional UI — built with PyQt6

---

𝙏𝙖𝙧𝙜𝙚𝙩 𝘼𝙪𝙙𝙞𝙚𝙣𝙘𝙚

Security researchers, network administrators, and students learning network reconnaissance. It's an early-stage but functional tool — not yet production-ready, but solid enough for personal labs, CTF environments, and authorized network auditing.

---

𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻

Nmap is powerful but terminal-based and outputs raw text. Zenmap (the official nmap GUI) is abandoned and outdated. Wireshark focuses on packet capture rather than topology or attack surface analysis. L0p4Map bridges the gap — it doesn't just wrap nmap in a window, it fingerprints every host independently (TTL, ports, SNMP), infers the real network hierarchy, and renders it as an interactive topology graph that shows you the actual structure of the network you're looking at.

𝗡𝗺𝗮𝗽 𝘄𝗮𝘀 𝗯𝗹𝗶𝗻𝗱. 𝗟𝟬𝗽𝟰𝗠𝗮𝗽 𝘀𝗲𝗲𝘀. 👁

u/HaxL0p4 — 3 days ago

▲ 2 r/Hacking_Tutorials

Infos

hi, I'm new to hacking, and I'd like to know a few sites where free platforms to learn

reddit.com

u/jonhack27 — 3 days ago

▲ 0 r/Hacking_Tutorials

Carrier growth

I currently work as a cybersecurity trainer, but I also have strong penetration testing skills and decent malware analysis knowledge.

I have experience with:

Web pentesting API testing Network pentesting. AD pentesting CTFs and labs Malware analysis

As a trainer, I’m worried about long-term technical growth.

Which role should I transition into for better future growth, good salary, and stable job opportunities?

Application Security Engineer DevSecOps Security Engineer Malware Analyst Cloud Security Pentester Threat detection engineer

I’m also from a non-CS background, so I want a role where hands-on skills matter more than degree pedigree.

What would you recommend and why?

reddit.com

u/No-Flatworm-5445 — 3 days ago

▲ 0 r/Hacking_Tutorials

Soy nuevo en reddit

me dan la bienvenida? alguien me explicaria como funciona esto un poco?
tipo que es lo del karma? para que lo usan habitualmente a reddit? a que se dedican? gracias

reddit.com

u/Travisgodd — 2 days ago

▲ 4 r/Hacking_Tutorials+1 crossposts

Kali Linux on Windows 11

to learn Kali linux how it works with commands and all its tool , is Kali linux ( on microsoft store ) a good option , i dont want to fully switch it to linux without being confident?

reddit.com

u/FlakyIndependence888 — 4 days ago

▲ 0 r/Hacking_Tutorials

These people griefed my minecraft server, im just mad because they did a lot of damage, what can I do with this information that can hurt them?

u/Awkward_Performer_99 — 3 days ago

▲ 12 r/Hacking_Tutorials

show me you're favorite nmap scan command.

mine is, sudo nmap -sC -sV -p- (IP)

reddit.com

u/SQLinjectionboiiii — 3 days ago