Home
HBH is a non-profit community designed to inform and teach web developers, system administrators and everyone else in between the various methods and tactics used by malicious hackers to access systems and sensitive information. With our hand-on style you will learn the methods and the steps you need to take to protect yourself, from our forum, articles and our simulated security challenges. Learn how hackers break in, and how to keep them out.
Latest Features:
Latest Challenges:
| Forum | Thread | Views | Replies | Last Post |
|---|---|---|---|---|
| Basic | Basic 1 | 63608 | 19 |  Futility |
| Basic | Basic 3 | 138173 | 10 |  rex_mundi |
| Bugs | Can't change email address | 54852 | 3 |  Mordak |
| Javascript | Javascript 5 | 20948 | 2 | rex_mundi |
| Questions | SQL injection | 14965 | 6 | rex_mundi |
| Timed Challenges | CSRF TOKEN???!!!! | 41404 | 4 | rex_mundi |
| Basic | Basic 9 completion | 68482 | 7 |  clapsclaps |
| Off Topic | EnigmaGroup | 172531 | 14 | YounesWinter |
: : HBH Blog : :
I just wanted to give everyone a quick update on the development of version 3.0.0 and my plan for the next few months. Around two weeks ago, we published our first three timed challenges for the community to complete, with a further four currently being tested. We have also pushed a number of fixes to some background systems for monitoring, logging and performance to production. For version 3.0.0 we have completed the following systems:
This year has been the best year for HBH in terms of visits, new members, longer session times and more members being active daily. With the work we put in last year on the core system for HBH Version 2.0.0 we have been able to fix issues faster than ever before and allowed us to push and build challenges faster. For this year we have had 209 commits, 127 issues that have been fixed, 32 versions tagged in GitHub and 8 of those versions tagged and released to production. We also have several challenges in testing by staff ready to be moved to private beta with members in the new year.
We are currently putting the finish touches to the next version of HBH 2.0.16 which is a small update to the site. However, we are also working on HBH version 3.0.0 which will be a huge update to HBH and all our challenges. We will post more information about HBH version 3.0.0 closer to the time of release, however we can say here that no point will be reset!
This is a just a short post to welcome you all to the new version and to let you know that we are aware of an issue with the challenges where Lorem Ipsum text is being displayed instead of the correct content for the challenges and hints. Were currently working on resolving the issue and should have it resolved shortly.
I'm pleased to announce that the new version of HBH will be going live at the end of August, with maintenance taking place this weekend (14th August) in preparation for the new version the follow week. The new version of HBH is a full rebuild of HBH with very few new features as the main focus for this new version is a solid base system for us and to keeping as much of the old database content as possible. This has limited features and changes that we wanted to make however once the new version is live, we can move quickly and upgrade or replace big parts of the database letting us add features and clean up some of the hacks which are in place currently.
We have pushed some fixes out to some of the broken challenges. Real7 is now back online! Please check the status page before asking if a challenge is down. We will have some big news about HBH coming soon, If you want to help out with beta testing this big news please let rex_mundi know so we can add you to the list. Any EM members are already on the list :) If you have questions about this big news feel free to post them in the following thread. ~ Mordak
Today we implemented Forward Secrecy in order to improve the security and privacy of HBH. Forward Secrecy "should" make it "impossible" to eavesdrop on data being transmitted from your browser to HBH's servers. We also have Strict Transport Security enabled. You can check the report on our SSL here. The SSL report is provided by Qualys SSL Labs Also we have updated PHP so a few page may be offline, if you find any please report them here. We have also updated the Development page so you can all see what we are working on and things we would like to do. Feel free to post your thoughts on the current projects. Also we have updated the Change Log to reflect these changes. Points for Creating Challenges & Points for Hall of Fame entries have been returned to the accounts that lost them.
Since the points reset, We have had a lot of complaints about administrators being in the top ten on the rankings page. The current Admin staff have been here for a while and had already completed the challenges BUT to keep everyone happy, Administrators will no longer be included in the points rankings and will be unranked in their profiles. On another note Real 15 IS up and running fine. UPDATE: Real 9 an 10 are also now back up. korg
All Members Read This! There has been a few changes to HBH over the past few weeks. Here are a list of changes and some reason why: We have removed the old database tables and reset the points. This is due to old and corrupted accounts and no way for other members to get on the score board, Points cannot and will not be reinstated. We have also removed user accounts that haven\'t logged in in over a year. We have two new staff members Euforia33 & rex_mundi they have been a great help to HBH over the years! We also have improved the forum and replaced some old code which should make things faster. Thanks HBH Staff
Due to the recent upgrade in the PHP on the server, Some pages may not display properly and a few challenges will be offline. Basic 26, Real 7, 9 Will be Offline till I get them recoded. Realistic 17 is back up and running. On the other hand, The Application page is completely redone to make it easier to submit your answers. I\'m going to upload a few new challenges to keep everyone occupied while I work on the site. Any bugs you see please submit them, Any Vulnerabilities Pm me them directly. UPDATE: Application 17 by 4rm4g3dd0n released today. UPDATED UPDATE: Stegano 25, 26 and 27 by Euforia33 released also! UPDATED UPDATE UPDATE: Mordak has bought HBH a proper SSL Cert. UPDATED UPDATED UPDATE UPDATE: HBH Change log is now active. korg
: : Tech News : :
Privacy campaigners have called for independent oversight of police use of car hacking software after two thirds of forces refused to disclose whether they possess the technology - despite acknowledging increased reliance on the technique.
Massive MediSecure Hack Exposes Data Of 12.9 Million Australians
In yet another massive breach, attackers stole sensitive information of millions of people using the phone monitoring app.
New Downfall vulnerability targets the Gather Instruction in Intel chips,
Famed hacker and KnowBe4 part-owner Kevin Mitnick dies following cancer battle.
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
Personal emails linked to 235 million Twitter accounts hacked some time ago have been exposed according to Israeli security researcher Alon Gal — making millions vulnerable to having their accounts compromised or identities exposed if they have used the site anonymously to criticize oppressive governments, for instance
Phishing / Social Engineering / Trojan RAT