r/Hacking_Tutorials

▲ 106 r/Hacking_Tutorials+8 crossposts

The Seal, Harwich

I was jumped by a group of three men who shouted homophobic slurs at me near their pickup truck outside of The Seal pub in Harwich. Message me if you witnessed the incident or if you have any information.

reddit.com
u/ChadThunderconch — 4 hours ago

necesito encontrar a mi marido

buenas alguien me puede ayudar a localizar a mimarido , lleva mi telefono pero esta apagado el localizador que puedo hacer , algo gratis o por favor la localizacion del telefono esta apagada

reddit.com
u/Strange_Machine_8439 — 17 hours ago
▲ 10 r/Hacking_Tutorials+3 crossposts

Criei uma statusline nativa pro Claude Code mostrar tokens/custo direto no terminal (Windows/PowerShell, sem extensão)

Depois de me perder tentando controlar quantos tokens eu tava gastando no Claude Code, descobri que ele já tem um recurso nativo chamado **statusline** — uma barra que fica embaixo de onde você digita, mostrando o que você quiser (modelo, tokens, custo, etc).

O problema é que todo exemplo que encontrei era em bash, e no Windows/PowerShell (inclusive no terminal integrado do VS Code) dava um monte de erro de parser. Então resolvi escrever uma versão em PowerShell puro, sem precisar instalar nada extra.

Resultado:

```
[Sonnet] ##-------- 25% | tokens in:15000 out:3000 | custo: $0.12
Plano | sessao 5h: 4% (reinicia 17:40) | semana: 20% (reinicia qui 13:00)

```
A primeira linha é o context window daquela conversa. A segunda linha mostra os **limites de uso do plano** (os mesmos que aparecem no app do Claude no PC) — a janela de sessão de 5h e a janela semanal, cada uma com % usado e horário de reset (só pra assinantes Pro/Max, vem do campo `rate_limits` que o Claude Code expõe).

**Como funciona:** o Claude Code manda um JSON com os dados da sessão via stdin pra um script que você configura, e o que o script imprimir aparece na tela. Tudo local, sem chamada de API extra, sem custo adicional.

Deixei tudo documentado passo a passo no repositório (clonar, copiar o script pra `~/.claude/`, editar o `settings.json` — com um trecho de PowerShell que faz isso sem sobrescrever suas outras configurações, tipo plugins e tema).

🔗 Repo: https://github.com/waine-r/claude-token-statusline

Se alguém quiser adaptar pra bash/Mac/Linux ou melhorar o script, PRs são bem-vindos.

u/Asgard_x2 — 20 hours ago

How do I learn offensive security from an attacker's perspective?

I'm interested in cybersecurity, mainly blue teaming (SOC/DFIR), but I strongly believe that understanding how attackers think is essential to becoming a better defender.

I don't mean using these skills illegally. I want to learn offensive security, adversary techniques, exploitation, privilege escalation, persistence, evasion, malware analysis, and post-exploitation in legal lab environments so I can improve my detection and incident response skills.

For those who've gone down this path:

Are there books or courses that teach how real attackers operate?

How deep should I go into exploit development or malware development if my end goal is blue team/DFIR?

What mistakes do beginners usually make?

I'd appreciate any roadmap or resources from people who have experience in both offensive and defensive security.

reddit.com
u/marlinspikee — 22 hours ago

How do you ensure a website is locked down tight? Seeking advice!

Hey folks,

I'm diving into web security and trying to get a grip on ensuring a website is secure from common vulnerabilities. I want to make sure there aren't any APIs exposed or API keys left in the code that users can easily access.

What are some best practices or tools you use to double-check these areas? Are there any reliable methods or checks you can recommend to catch things that are often overlooked?

Appreciate any guidance or resources you can share! Thanks!

reddit.com
u/SearchTricky7875 — 1 day ago

how do I start learning hacking from zero?

Hey, I’m 19 and in college. I’m really interested in hacking but have literally no idea where to start. Can anyone give me a proper roadmap from absolute basics? Like what should I learn first and what skills are actually needed?

reddit.com
u/LowGood2828 — 21 hours ago

Using apps without subscriptions

I’ve been wondering if there’s a certain way I can use an app that requires subscription without paying, the broke chud, keep in mind that I use an iOS.

reddit.com
u/lwkirlmarie — 1 day ago

Can any genius tell me how to I become a genius hacker!

its my dream to became a pro hacker but i think any pro hacker need pro knowledge and I don't know where to find so anybody help me plz.

reddit.com

Course for Linux security

hi every body

i have been working in cybersecurity field for over a year and i have being studying linux for some time. can any body suggest courses on :
Linux internals (like windows internals course)
Linux security
Linux hardening

reddit.com
u/Clean_Ad7689 — 2 days ago
▲ 45 r/Hacking_Tutorials+5 crossposts

Got an AI agent past a Cloudflare WAF by giving it a RAG over past bypass research

Sharing a workflow that worked for me. The retrieval layer involved is my own project, so mentioning that upfront.

Setup: I was testing an XSS on a target behind Cloudflare, and every payload I tried was getting blocked by the WAF.

This time, instead of manually digging through old writeups, I gave my agent access to a retrieval layer built on top of a corpus of web security research (Preview RAG). The agent queries it in plain language, gets back actual writeups with sources attached, and uses that context to generate and test payload variants. One of those variants eventually got through and the XSS fired.

I'm not claiming the bypass itself is novel. It may already exist in a public writeup somewhere. What mattered to me was the workflow: the agent wasn't limited to whatever happened to be inside its training data. It could pull in relevant prior research and iterate from there.

That's the main reason I built this in the first place. Models have a training cutoff, but WAF evasion evolves quickly. Public bypasses get patched, new techniques appear, and the most useful information is usually the newest information. A retrieval layer helps bridge that gap.

The corpus is updated regularly and exposed over MCP, so it can be connected to any model with minimal setup, including smaller open-weight models.

Current limitations: it's strongest on client-side topics right now—XSS, WAF evasion, CSP, CORS, SSRF, request smuggling, and similar areas. Server-side coverage is improving, but still thinner, and it definitely won't have an answer for every problem.

Happy to share more about the setup. I'm honestly more interested in where this approach fails than where it succeeds. If you've experimented with agent-driven WAF bypassing and ran into hard limits, I'd love to hear about them.

u/Substantial_Kick4689 — 2 days ago

i want to learn hacking from basics

im a 14 year old child i want to learn ethical hacking dor my intrest but i dont know where to start from if anyone intreseted to guide me full road map pls say in comment

reddit.com
u/Spirited_Emphasis108 — 2 days ago

BBF a script that made Bluetooth jamming much cheaper and much more effective, without even jamming

Bluetooth jammers are a joke. The cheap ones ($150+) barely work, and the "professional" ones ($2,000+) just blast noise blindly across 79 channels 1,600 times a second. They're unreliable, often illegal to even own, and a complete waste of money.

I built BBF, a free and open source tool that doesn't jam at all. It discovers the hidden part of a Bluetooth device's address, then continuously floods that address with pings until the target disconnects or shuts down. Even after a reset, the script keeps running, so the device gets hit again immediately. And the whole time, the tool never hops a single channel. It doesn't need to.

The catch: to sniff unknown addresses out of the air, you need an Ubertooth One ($120, one time). That's it. No $500 SDR rig, no lab gear. Find the LAP and UAP once, and you have the key to keep DOSing that device forever, without touching the Ubertooth again.

Why it's better than any jammer:

Jammers: blind noise, expensive, unreliable, legally questionable just to own.

BBF: finds the address (Ubertooth + a 256 ping sweep), then a standard l2ping pages the device on its own hopping pattern. You never touch a channel. Deterministic, cheap, effective.

If this sounds useful, a star on the repo goes a long way ⭐

github.com
u/Trick-Resolve-6085 — 4 days ago

Can I get a best hacker

I got hacked so they reset everything I don't know what I must do and I need that account so I need best hacker guys please help me I want revenge they will pay

reddit.com
u/SouthernRate2706 — 3 days ago
▲ 141 r/Hacking_Tutorials+1 crossposts

FSK/OOK based layer-2 protocol reverse engineering

Lately I've been trying to recove the key fob protocol of my bmw 320d 2005 car till I discovered that the key fob operates on 868.35mhz with what is called Frequency Shift Keying to lock/unlock or trunk, everytime I capture something using the RTL sdr with gqrx on Kali I get different signals for pressing same button which indicates that this is not a trivial On Off Keying but some proprietary protocol is being implemented, from the amplitude to time plot I can clearly see the preamble alternating bits then a fixed and indow of bits across all button pressings which suggests some sort of an identifier.

Any one has experience on such project feel free to leave a comment.

Or if u know some sort of tip that helps me recover the binary representation of the msg being transmitted you are welcomed.

u/Sufficient-Pair-1856 — 4 days ago

Saturday Hacker Day - What are you hacking this week?

Weekly forum post: Let's discuss current projects, concepts, questions and collaborations. In other words, what are you hacking this week?

reddit.com
u/happytrailz1938 — 3 days ago

Your personal learning methods

Undoubtedly, every hacker or anyone interested in this field has their own personal learning methods at the beginning, and that piqued my curiosity to learn about them. I hope you will share your methods or how you started.

reddit.com
u/AdventurousSound5806 — 4 days ago

cybersecurity study group

Hey everyone,

I'm looking for a cybersecurity study buddy who's serious about learning and improving together. I'm currently studying cybersecurity and working through topics step by step with hands-on practice.

Some of the areas I'm learning include:

  • Networking fundamentals
  • Linux & Windows
  • Python scripting
  • OSINT & Reconnaissance
  • Web application security
  • Buffer overflows & exploit development
  • Metasploit
  • Active Directory & Windows privilege escalation (planning to learn more)

My goal isn't just to watch tutorials—I'd like to:

  • Learn together regularly
  • Solve CTFs and Hack The Box/TryHackMe labs
  • Share notes and resources
  • Practice troubleshooting and explaining concepts to each other
  • Stay accountable and motivated

I'm in the IST (UTC+5:30) time zone, but I'm happy to work with people from other time zones as long as we can find a suitable schedule.

If you're genuinely interested in learning consistently (whether you're a beginner or slightly more experienced), leave a comment or send me a DM. Let's improve our skills together.

reddit.com
u/hostsaratosff — 5 days ago