So, what happened?
Hiya! I can’t speak much towards the new domain/revamped experience (that’s on Mordak and the other admins), but I can say that I, too, am disappointed in the lack of interaction here. For what it’s worth, the forum was pretty dead before the name change as well, and it seems like the admins are spending all their time fixing the stuff that was broken when they inherited the server and less building the community, which is certainly a difficult choice to have to make. What I can say is that I’ve created a new series of challenges that I’m hoping will be difficult/engaging enough to reignite that part of the forum and I am working on a series of articles/tutorials that I’m hoping can jumpstart some more technical depth. I also think there’s difficulty knowing what is “worth” posting- all the current threads are either really basic “Hey I need help” -> “hey check your DMs” interactions, which are… not great. This leads to a not-great sense of community where people might have questions but are afraid to ask, or they don’t even realize questions are “allowed” to be asked. I don’t really know what the solutions is, only that I should be spending more effort trying to “fix it” and will hopefully do so in the future. Maybe an HBH-branded CTF team to help new members grow and more experienced members interact? Maybe a monthly “deep-dive” on a communally-interesting topic? Hard to say, but we certainly need help (and no, not just in my DMs).
I’m actually unfamiliar with cryptBB, so that was a pretty fun hole to fall into for a bit. Anyway, I think it might be disingenuous to speak for the entirety of “people nowadays” without putting in some sort of qualifiers. Personally, I think there are many ways to skin a cat potato(?), and while one method might work best for someone, that doesn’t mean that it’s automatically the way everyone should be doing it. I’ll say that the challenges here now aren’t necessarily the way they’re going to be forever, and will hopefully be augmented and improved over time. While the devs currently seem to be focusing on back-end cleanup, they have been hinting towards some large user-facing changes on the horizon, and I, personally, believe them. New challenges, labs, articles, tutorials (academy), etc. It’s just taking time to ensure the foundation is secure before moving too far forward.
So I suppose it all really depends on you- are you happy with the ones you’ve already solved? Are you willing to wait for new challenges? Are you interested in building new ones yourself? Can you more concretely describe what you’d like to see? Nothing can be everything for everyone, and I think that’s fair and okay, but hbh appears to be in a place where it can grow to be something for a lot of people. But it needs those people to come out and help direct its efforts if it’s going to be as successful as it can be.
As for the .onion
… eh.
We don’t have a .onion domain and we don’t currently have any plans to have one. If the feature request you submitted gets a large amount of up votes then we will looking into a .onion domain.
We do allow Tor traffic into our network and the labs network so the site is still usable with Tor you just lose the “anonymity”.
I will push back a small amount on your last point. I think all the posts trying to “contact people who develop and sell malware or leaks” is actually a huge minus. These (the searchers) are not people I’m interested in interacting with and can really clog up a board with inane requests rather than thought-out questions or useful information. Also, and more importantly, the fundamentals of “hacking” aren’t illegal and shouldn’t be treated as such. Pushing the learning of these skills to a hidden “darknet” only makes them seem more arcane and taboo, rather than the perfectly reasonable problem-solving skills that they are. Any core skills you want to learn can be learned on the “normal” internet, and this learning should not be stigmatized.
@Futility ‘s point has hit the nail on the head. We not a darknet site and that type of content won’t be here ever, if you want that type of content then unfortunately this isn’t the site for you.
As for the other sites you have mentioned, they are paid site basiclly you get some feature for free but have to pay to get more access, we are free and will always be free! The other sites are also companies with full time PAID staff, HBH has always been a group of unpaid people wanting to share knowledge freely, openly and provide activites to learn how hackers break in and how to protect your own systems. These activites will become clearer over the next few months with the Labs coming online and the update to challenges.
All I can say to the other points is keep an eye on the site for the changes, the new features and new content.
@chronosalfa, I am sad that we have to have this conversation but I knew it would come up and it’s not you personally that I write this response (entirely). I would like to first say, Welcome Back! I am sorry that the site isn’t up to par….yet. We are working hard to do what we can to make it happen but as others have already pointed out, we are a free community organization. The community is what has, currently, and forever will be the driving force of this site and its content. I would like to place a thought for you to ponder: Are you here to impress your friends? Or, are you here to learn? Answer that quietly to yourself, and I ask you to truly think about that question. From this point on, we are working on trying to make this a positive space for people to learn without the need to ‘pay to learn’, fear of being look down upon, or picked on. That is being offered elsewhere. I have been on the sites you have mention (except for cryptBB, so thank you for sharing) and personally love HTB myself. I wish them all the best and I currently tend to hop on those sites to get a fresh perspective and I encourage others to do so as well. I am sad to continuously see conversations that mention about ‘the darknet’ and “well I can buy-sell this malicious code”. I mean this in the most professional way, write code yourself! And being on the ‘Darknet’ is really positioning yourself. Code is not malicious, the intent behind it is. Code is just code. It is not alive to think for itself. The intent behind the usage is what confines it to be malicious. For example: Recording Keystrokes - Key Logger or a recording application that displays your keystrokes on screen. Same code, just the intent is different. Another thing I wish I could change is the constant ‘White Hat’, ‘Black Hat’, and ‘Gray/Grey Hat’ terminology usage. It’s overused and I personally think is complete cheese. I rather teach about intent.
I would like to also mention that if you are thinking about becoming a security analyst, then that I would like to hand out some free advice, you can take or leave it, ……..Get Certified. Rarely are you going to be hired in any professional field claiming that you learned all your skills online as a ‘hacker’. You will lose their trust (patience, and attention) before you finished your sentence. You want to know how to get through firewalls? Read up on how they work. Setup your own network. Get a certification to work for company to see how it’s done in the real world. The ‘hackers’ out there are professionals that, you guessed it, hack on the side. Not to contradict the purpose of this site, but I am going to, what if you want to know the latest and greatest tools and methods and look here to find it? Then you will have to wait a bit before someone shares that information. The latest and greatest tools that are out there (online) are being offered for sale or even free if you look hard enough (freeware). Do a google search, pick several, compare and find they all do the same thing. But, do you know how to use these tools? Do you know how and why these methods work? And bringing it back, this is what the purpose for this site is for. The mission for this site is to offer information that is free and shared by its’ community that will hopefully spark a new generation or reach to our existing ones in being more secure when on online. If this site has helped you, helping you, or made you pursue of career in info-sec, then considered giving back. You seem you have more knowledge then the average or new comer so we welcome your input to help improve this site. Remember this is a place that should help encourage others to learn.
I hope that whom ever reads this post, sees it for what it is and doesn’t look too deep into the message I wish to share. I am just offering a response to hopefully clarify our intent.
You are reading too deep into the message. Remember this post is read by others on this site not just the few who are part taking in the conversation. You were addressed in the post and I made it clear that what I wrote was to reach out to the community who choose to read this thread to ensure that we are working on trying to turn this site around to a more positive nature. Your initial posts came off as you wanted to know more about the sites’ changes. Your progression in this thread has shown that you feel that you know better and wish to express where other sites are excelling and that this site is not up to par with ‘your’ standards. If you wish to contribute, we welcome all who wish to. If not, then I ask that you kindly to use the site as you see fit, or move onto another one that suits your needs. I wish you the best in your learning journey.
I believe we are getting off on the wrong foot here, you are assuming that I am attacking you. I am not. I am merely responding to what I have read and if that you take it the wrong way, then I cannot help that. You are free to feel the way you want. I believe we all see community differently, hence why there are multiple communities that exist. You stated I assumed, yet you have done so, therefore this thread is out of context. And if with that I would like to offer that we bring it back to your original post inquiry: “So what happened”
The “what has happened” was addressed: In short, we inherited an old site that was already exhausted and at the time, the community didn’t want to lose what they worked hard on. The site interaction has been dying over the years and we do not want to see it die. We are trying to keep as much as we can, but honestly most of the content is old. There is a lot of work that has been done, being done, and still to be done. Most of this is behind the scenes as we try to clear up the policies and politics of this site to offer you and others free information as much as possible. We are working on this on our spare time.
I have seen that you made some code bank submissions and currently there is a bug that is only showing us one submission for all. This bug was corrected and will be pushed tonight. I will review the code and approve accordingly. You are assuming that we haven’t seen or approved it based on your own theories. I personally have not seen, doesn’t mean you haven’t, no attempt to reach out and ask why it hasn’t been approved.
Again, I would like to state that I am not trying to attack you, you are feel to speak you mind.
@chronosalfa As you have been told your code will be reviewed by staff when we can. This thread is being locked as its going no where.