
r/hacking

bypass internet restrictions
Firstly, I have no experience in any of this.
my school recently banned the use of artificial intelligence on the wifi, and it’s taking a toll on the way I study. I used to use it to educate me on problems that I wanted to learn how to solve (since in study periods there’s no teachers available). No headphones, so can’t even efficiently watch a video either.
They also blocked VPNs, and I’ve asked many times to make an exception but they won’t budge. I know the guest wifi doesn’t have these restrictions but I can’t get the password to that because students aren’t allowed to use it.
Anybody have any suggestions? The sooner I can get this resolved, the sooner I can get back to studying at my best.
cpu backdoor
Are there any known cases of people being caught because of Intel ME or AMD PSP? Because I find it hard to believe that if it was really being used as a backdoor since 2008 we wouldn't have been able to figure out at least one arrest caused by it.
Wordlist generator based on WordNet graphs + LLM
Hi all, I built a wordlist-generator that uses a semantic knowledge graph instead of pure string manipulation.
You feed it a list of keywords and it builds a hypernym DAG using WordNet, expands it with LLM-generated hyponyms, scores leaf pairs by semantic similarity (Wu-Palmer), and permutes synonyms to produce the final wordlist. For terms WordNet doesn't know (brand names, games, slang) an LLM iteratively finds a valid hypernym using a Wikipedia summary as context.
The wordlist use case is the obvious one, but honestly the core engine is just a semantic expander: given a few seed words, it grows a contextually coherent vocabulary around them. I can see it being useful for:
- NLP / ML: data augmentation, building domain-specific vocabularies, corpus enrichment
- Ontology / knowledge graphs: quick concept mapping from a small seed set.
Supports OpenAI or local models via llama.cpp.
Code: https://github.com/ivegotanheadache/WonaBee
Curious if anyone sees other uses for this kind of approach and likes it
Hackers: What age did you start? Where did you start, especially in practicing your skills?
Asking because I need somewhere to start.
Technical analysis of CVE-2026-34472 in ZTE H188A router firmware
I published a writeup for CVE-2026-34472 affecting the ZTE H188A V6 router.
The vulnerability involves the router’s pre-login setup wizard flow. During firmware analysis, I found that unauthenticated requests could reach logic that exposed sensitive configuration values before a normal authenticated session was established.
ZTE classified the issue as a “customer-specific low-risk requirement,” but MITRE assigned CVE-2026-34472 and the issue is now public.
The post focuses on:
- firmware extraction and analysis
- Lua / CGILua routing behavior
- root-cause analysis
- observed impact
- disclosure timeline
- vendor response
Writeup:
https://minanagehsalalma.github.io/cve-2026-34472-auth-bypass-zte-h188a-router/
I've reverse-engineered the ZDL file format
Hey community,
I’ve built a toolchain for developing custom effects for the MS-70CDR pedal series. At this point, the pedals can basically be treated as an open-source coding platform. Right now I’m porting Chris Johnson’s Airwindows plugins step by step.
“Stereo Chorus” is already up and running, sounding flawless so far.
If you want to contribute ports or simply download and use the FX, check out the GitHub repo:
https://github.com/repeat98/ZoomMultistompZDL
Custom ZDL support will be coming with the Zoom Effect Manager 2.3.3 update.
Spread the word, so we get more developers on board to make more FX.
Also, if you have suggestions for effects you’d like to see, leave them in the comments.
Cheers,
J
CISA Admin Leaked AWS GovCloud Keys on Github
krebsonsecurity.com
48-hour HASBLCTF'26 CTF competition
First of all, I would like to point out that this post is not an advertisement; it is being shared only so that this event, which we are organizing as high school students, reaches more people.
In short: the four of us are organizing a Jeopardy-format CTF called HASBL CTF; the participation link is at the very bottom.
So what is a CTF? CTF, that is, Capture The Flag, is a competition format that aims to test and improve our skills in different categories of cyber security. Our goal is to reach the answer (the flag) by finding the vulnerability in the challenge given for each category:
To tell you about ourselves, we are 4 people who are 11th-grade students at a social sciences high school, and after participating in many CTFs we said, "Why don't we try writing challenges too?" and wanted to run our own CTF competition. We did our best and put something together...
Moving on to the event details:
Categories:
- Web: Finding a vulnerability in the instance you launch and reaching the flag.
- OSINT (Open Source Intelligence): Reaching the flag by examining and analyzing evidence in things such as a photo/video or social media account name given in the challenge.
- Cryptography: Simply put, we could call it password cracking. Reaching the flag by working out the logic of the code and/or data and making the encrypted flag readable.
- Reverse/Reverse Engineering: Working out how a compiled program or machine code works using certain programs, making it readable, and reaching the flag.
- Pwn (Vulnerability/Exploitation): Finding the security vulnerabilities of the system given as the target, breaking into the system, escalating privileges, and reaching the flag.
- Forensic (Digital Forensics): Reaching the flag by examining digital evidence (logs, disk images, wireshark, etc.).
While defining the categories even I got the feeling I was doing something bad, but rest assured we are definitely not doing anything like that
Date:
- It will last 48 hours on 29 - 30 - 31 May.
Platform:
- It will take place on our own servers (Google Cloud) on CTFd infrastructure.
- We also announced the competition on CTF Time but are awaiting approval; since it matters for CTFs, I will add it here once it is approved.
Rules: The rules are on our site, but let me briefly touch on a few important ones.
- Teams can have a minimum of 1 and a maximum of 4 people.
- Sharing flags is forbidden.
- Publishing write-ups during the competition is forbidden.
- It is important that competitors are respectful to one another and sportsmanlike during the competition.
Registration and more information:
- For registration and more information, you can visit our site via the link section.
- Registration will be open throughout the competition, and anyone who wants to can participate without any particular requirement.
- Unfortunately the prizes are not yet decided (TBA)..
- There will be mistakes in this event, which we prepared at high school level with limited time and budget, but we take care to fix them and improve ourselves.
- If you have a suggestion or question about the site or the competition in general, we would be glad to hear them, answer them, and improve.
Thank you in advance to everyone who shows interest and to the CuteTopia Sub for allowing me to open this thread.
Can I do anything cool with this network controller?
Found this network controller in the trash in our laundry room and I was just wondering if there is anything cool or useful I can do with it?
Ongoing development
Got some pictures from DXL, the main developer, doing the #flipper integration
Built a full disassembler & decompiler for Reverse Engineering | Free and open source.
I wanted a disassembler that's a single executable, loads instantly, runs everywhere. So I wrote one from scratch.
It's called Hyperion. It's made in C++. No runtime dependencies. No installer.
What it actually does: It has a real decompiler. It produces readable pseudo-C for x86/x64 and ARM64.
Formats & architectures:
| Format | Architectures |
|---|---|
| PE (exe, dll, sys) | x86, x64 |
| ELF (so, o, executables) | x86, x64, ARM, ARM64, MIPS, PPC |
| Mach-O (dylib, fat/universal) | x64, ARM64 |
| .NET (managed assemblies) | CIL/IL bytecode |
Scripting:
Embedded Lua 5.4. Drop .lua plugins in a folder. Full API, rename, comment, patch bytes, create functions, navigate, query xrefs. Register custom menu items and hotkeys from scripts.
The numbers:
| | Hyperion | IDA Pro | Ghidra |
|---|---|---|---|
| Download size | <3 MB | ~120 MB | ~500 MB |
| Runtime deps | None | Python, Qt | JVM |
| Price | Free (MIT) | $1,800/yr | Free |
| Startup time | <1s | ~3s | ~15s |
| Binary | Single exe | Installer | Installer |
Platforms: Windows, Linux, macOS (Intel + Apple Silicon).
This will stay open source and free. MIT licensed.
Slopinator - a poisoned GitHub repository generator
It's exactly what it sounds like.
Use at your own risk, folks!
Looking for where to ask about finding the 55.4 yottabyte zip bomb
This image, I want that zip file, where can I find it?
Micro controller safety?
Hey y'all, this might not be the exact right place to ask this, so if not just lemme know/maybe point me in the right direction, but I just bought a couple extremely cheap microcontrollers (ATmega32U4s) and was just wondering exactly what safety measurements I should take, if any, when buying/using super cheap microcontrollers/Picos from places like Ali/Amazon Haul?
Should I be plugging them into an offline machine? Is there anything to worry about at all?
Thanks!
Microsoft Exchange 0-Day Exploit Sparks Emergency Warning — Hackers Are Attacking Unpatched Servers
ibtimes.co.uk
Just received an email from shinyhackers about their Amtrak hack
I just received an email from shinyhunters about this Amtrak hacking (purchased tickets via Amtrak once several years ago). The email went directly into my Gmail spam folder and I did not open it. Is there anything I should do / be concerned about?
CVE-2026-34473: Unauthenticated Denial of Service in ZTE Routers affecting 140K+ devices worldwide (17+ models)
I wrote an async scanner that runs about 9x faster than nmap for discovery.
I've been working on a recon tool called Specter to speed up my initial scans on larger scopes. It's written in Python using asyncio to handle concurrent TCP connections.
I benchmarked it against nmap for raw port discovery and it's consistently about 9.4x faster. To be clear, it isn't meant to replace nmap's scripts or OS detection. It's just built to be a lot more efficient at the "find what is open" phase by stripping away the extra weight and focusing on high concurrency.
The tool handles a few different parts of the recon process:
- Subdomain enumeration through passive sources like crt.sh, alienvault, and hackertarget.
- Active bruteforcing if you want to use a wordlist.
- Automatic IP resolution and port scanning for any discovered hosts.
- Scrapes page titles and server headers so you can see what is actually running.
I set up a web version so you can try it out without installing anything: https://scan.x3r0day.me
The full source is on GitHub here: https://github.com/X3r0Day/X3r0Day-Specter
It is free and open source. If you use it for bug bounties or pentesting, let me know how it performs for you. I'm looking for feedback on any bugs or features you think are missing.