惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
K
Kaspersky official blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
Y
Y Combinator Blog
Recorded Future
Recorded Future
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
Microsoft Security Blog
Microsoft Security Blog
H
Help Net Security
S
Schneier on Security
P
Palo Alto Networks Blog
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Hacker News
The Hacker News
C
Check Point Blog
L
LangChain Blog
腾讯CDC
小众软件
小众软件
T
Tenable Blog
Google DeepMind News
Google DeepMind News
GbyAI
GbyAI
L
LINUX DO - 最新话题
A
About on SuperTechFans
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
雷峰网
雷峰网
美团技术团队
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
F
Full Disclosure
博客园_首页

Hacker News

Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Retrofitting JIT Compilers into C Interpreters IPv6 – Google The Accursèd Alphabetical Clock Cybersecurity Looks Like Proof of Work Now Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent When moving fast, talking is the first thing to break Too much Discussion of the XOR swap trick – Heather Cafe Introduction to Spherical Harmonics for Graphics Programmers The Grand Line Building a Z-Machine in the worst possible language High-Level Rust: Getting 80% of the Benefits with 20% of the Pain GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The air throughout our homes is infused with microplastics. But there are things you can do to breathe less of them The disturbing white paper Red Hat is trying to erase from the internet – OSnews The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong Artemis II crew splashes down near San Diego after historic moon mission We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Cooperative Vectors Introduction | Evolve Keeping a Postgres queue healthy — PlanetScale Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? The Zettelkasten Method in Obsidian: A Practical Setup Guide Artemis II Is Competency Porn and We Are Starving For It WeakC4 Flight Viz — Cockpit View A Mexican surveillance giant you’ve never heard of is now watching the U.S. border Surelock: Deadlock-Free Mutexes for Rust RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu The Problem That Built an Industry How Much Linear Memory Access Is Enough? | Solidean Investigating Split Locks on x86-64 Simplest hash functions Sybilproof reputation mechanisms (2005) [pdf] What is a property? How Complex is my Code? Static code analysis in Kotlin — tools overview Toffoli gates are all you need PGLite evangelism dcmake: a new CMake debugger UI Clojure on Fennel part one: Persistent Data Structures Fragments: April 2 Python Release Python install manager 26.1 The Life and Death of the Book Review - Liberties Introducing Database Traffic Control — PlanetScale Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Building slogbox Apple Silicon and Virtual Machines: Beating the 2 VM Limit Who was “Not Even Wrong” first? Pokemon Evolution Vs Darwinian Evolution The APL Programming Language Source Code
Back in my day we hacked with style: a sentimental tour of late 1990s and early 2000s tools
2026-05-14 · via Hacker News

Gather around, children. Put down your Rust-compiled eBPF probes, your Sigma rules, your billion-dollar EDR consoles. Sit on this pile of old floppy disks and let me tell you a story. A story of a time when a 56k modem was a weapon of mass destruction, when your entire operational infrastructure was a Windows 98 machine with a sticky residue on the keyboard, and when the most sophisticated command-and-control channel available to you was a chat room full of teenagers arguing about Linkin Park.

Ai miei tempi, we hacked with character.

cover

The golden age of the RAT

It all started, more or less, in 1998, when a group called Cult of the Dead Cow released something called Back Orifice at DEF CON. The name was a deliberate pun on Microsoft BackOffice, juvenile, precise, and entirely on brand for a group that understood that naming things well was half the battle. It was a Remote Administration Tool that let you control a Windows 95/98 machine remotely: browse files, capture screens, log keystrokes, redirect ports. It ran silently. It required no particular expertise to deploy. And it weighed less than 100KB.

The security establishment predictably lost its mind. Microsoft called it malware. Cult of the Dead Cow called it a demonstration of Windows security failures. Both were right.

Then came Back Orifice 2000, or BO2K, presented at DEF CON in July 1999, released as open source, extensible through plugins, and capable of encrypted communications. At the time, it was more feature-rich than most legitimate remote administration tools on the market.

That same year, NetBus was already circulating. Created in 1998 by a Swedish programmer named Carl-Fredrik Neikter, it shared Back Orifice’s basic premise, silent remote control of Windows machines, but came with a GUI clean enough to feel almost respectable. NetBus became notorious partly because it was used to plant child pornography on a law professor’s computer in Sweden, a case that dragged the tool into actual criminal courts and forced everyone involved to get considerably more serious about what “remote administration” implied. The professor was acquitted. The episode was a preview of legal and ethical discussions that would take another decade to mature into anything resembling policy.

But neither Back Orifice nor NetBus was the most widely deployed RAT of that era. That distinction belongs to Sub7, or SubSeven, written in Delphi by a Romanian teenager who went by the name mobman and first released in February 1999. By 2000 it was everywhere. It had a polished GUI. It had an address book to track which victims were currently online. It had a server editor to customise the payload before deployment, borrowing the idea directly from BO2K. It even supported notification via ICQ when a victim came online, which was unusually polished for malware. The exact origin of the name “Sub7” has never been definitively confirmed by mobman, and the various explanations that circulated on forums were mostly folk etymology. What mattered was that it worked, it was free, and it was trivial to configure.

The Swiss Army knives of the basement operator

RATs were the glamorous end of the toolkit. Below them sat a layer of tools that were genuinely useful, sometimes elegant, and in many cases still in active use today—a testament to how slowly the core infrastructure of the internet has evolved.

Nmap, Gordon Lyon’s network scanner, was already present in this era and was quickly becoming the first thing anyone ran against a target. If you had a subnet and five minutes, you knew exactly what was listening. Netcat was the tool that could not die: read from network, write to network, listen on a port, transfer files, create a rudimentary shell. It was called the “TCP/IP Swiss Army knife” so often that the phrase became a cliché, but the cliché was accurate. Both tools are still on every pentester’s machine in 2026.

John the Ripper handled password cracking. Cain & Abel did everything else on Windows: ARP poisoning, password recovery, network sniffing, VoIP interception. dsniff and ettercap covered the sniffing side on Unix. Hping gave you raw TCP/IP packet manipulation. Aircrack, in its early versions, was beginning to make the case that WEP was not so much an encryption protocol as a polite suggestion.

For web-facing targets, there were scanners and exploit packs of varying quality. Most of them worked by cycling through a list of known CGI vulnerabilities that should have been patched months earlier but were not, because patch management in 2001 was “someone’s nephew will look at it eventually.” Whisker, Nikto, and other vulnerability scanners circulated through the same channels as everything else.

The whole ecosystem ran on the implicit assumption that the target had not updated anything since installation, which, to be fair, was usually correct.

IRC: the command center, the social club, and the crime scene

To understand how everything worked, you need to understand IRC, Internet Relay Chat, and specifically what it meant to spend time on EFnet, DALnet, Undernet, and the various smaller networks that clustered around specific interests. IRC was where the scene lived: in channels like #hack, #warez, #sub7, #bo2k, and several others with names too creative to print here.

Sub7’s IRC integration was not accidental. Starting with version 2.1, the trojan’s server component could connect to a specified IRC channel and listen for commands from the operator, responding like a bot. This was elegant, in a slightly horrifying way: your compromised machines were just IRC clients. Your command-and-control infrastructure was a free chat server you did not control and could not be traced to. Law enforcement had to figure out how to subpoena an IRC network before they could begin to understand what they were looking at.

It was the conceptual predecessor of every modern C2 framework that hides inside legitimate cloud services—the architecture, not the technology, was the innovation. The innovation was not technical. It was architectural: use infrastructure that already exists, that already generates traffic, that defenders are not monitoring because they are focused on more obvious attack surfaces. Today’s threat actors do the same thing with Slack, Telegram, and Google Drive. Ai miei tempi, we did it with a chat room called #r00t on EFnet.

Beyond pure operations, IRC was also a social space with its own culture, rituals, and hierarchy. You proved yourself by sharing information, by having access to tools before others did, by being present when something interesting happened. The channels were chaotic, frequently toxic, and also a brutal apprenticeship in network security for anyone who could not afford a conference ticket. Many people who are now respected professionals in DFIR, threat intelligence, and red teaming learned the fundamentals there.

The Italian scene: creative chaos, interrupted

Italy had its own dimension in all of this. Before IRC displaced everything else, the Italian hacker and smanettone community had built itself around BBS (Bulletin Board Systems) running on Fidonet, with a culture that blended technical curiosity, political activism, and a distinctly Mediterranean attitude toward rules.

Then came May 11, 1994.

On that morning, officers from the Guardia di Finanza knocked simultaneously on the doors of system operators across the country, executing warrants as part of what became known as Operation Hardware 1. Acting on a warrant issued by a prosecutor from Pesaro, they raided 119 Fidonet nodes on the suspicion that two individuals were using the network to distribute pirated software. The strategy was simple and brutal: take the entire directory of Fidonet nodes and raid all of them. Two were suspected; the rest would be a collateral problem. The equipment confiscated included modems, floppy disks, CD-ROMs, audio tapes, and in at least one documented case a power strip, apparently seized as “suitable for reproduction of illicit material.”

The effect on the Italian BBS community was devastating. Many sysops simply stopped. Years of informal knowledge-sharing, file archives, and community-building evaporated overnight. It was a technical community dismantled by a legal action that, in legal terms, barely held up to scrutiny. The two people originally suspected were eventually prosecuted. The hundred-and-some collateral casualties received apologies that landed with roughly the force of a handshake.

The Italian Crackdown did not kill the scene. Within months of the raids, networks like CyberNet saw their user numbers grow, partly from people who had discovered that the internet was harder to raid than a BBS at a fixed phone number. By the time IRC became the dominant medium in the late 1990s, Italian hackers and security researchers were back, distributed across international channels, slightly more cautious about where they stored their files, and considerably more articulate about digital rights.

What we learned

The tools of that era look primitive now. Sub7’s GUI resembles a Visual Basic learning exercise. Back Orifice 2000’s plugin architecture was clever for 1999 and would be immediately detected by any modern endpoint protection product. Cain & Abel stopped being maintained in 2014 and runs only on operating systems you should not be running anyway.

But the mental models were not primitive. The idea that you could use a compromised machine as a relay node, that C2 traffic should blend into legitimate traffic, that operators should avoid reusing infrastructure: these were present in the late 1990s toolkit and they are present in every serious threat actor’s playbook today. The people who built Sub7’s IRC bot integration understood operational security better than many enterprise defenders understood it a decade later.

The Italian Crackdown, for all its legal ham-fistedness, produced a generation of practitioners who thought seriously about the relationship between technical communities, legal systems, and civil liberties. Some became journalists. Some became lawyers. Some became incident responders. A few became all three at once.

Ai miei tempi, you learned by doing things you probably should not have done, in channels you definitely should not have been in, with tools you downloaded from sites that are now digital archaeology. And somehow, out of all that chaos, a profession emerged.

You’re welcome.