Information Security

Hacking Forums List

Computer screen with words, 'My only crime is that of curiousity'.

Web hacking forums with ties to confirmed criminal activity don’t often last very long, as was the case for RaidForums, earlier this year. These forums are often a treasure trove for security researchers and are a valuable tool for information security professionals.

Here is a list of both clear web and dark web (Tor) hacking forums available, validated as of 2022-08-13.

Clear Web

Website URLDomain Name
xss.isxss.is
hackforums.nethackforums.net
exploit.inexploit.in
EvilZoneevilzone.org
0x00Sec0x00sec.org
Nulled.tonulled.to
Cracked.iocracked.io
Cracking.orgcracking.org
Leak Forumsleakforums.co
Hacking Father Forumhackingfather.com
Hack Forumzhackforumz.com
$Hackersploit_forum.hackersploit.org
Altenens.isaltenens.is
BugCrowd Forumforum.bugcrowd.com
/r/hackingreddit.com
/r/ethicalhackingreddit.com
Clear Web Hacking Forum List

Dark Web

Website URLDomain Name
Hell Hacking Forumhell2ker5i3xsy6szrl2pulaqo3jhcz6pt7ffdxtuqjqiycvmlkcddqd.onion
Dread Hacking Forumdreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion
DarkWeb Forumsdwforumuugiyderhybcpfxmlmoawgq6z3w6hk45nrnem3p7kwszhybad.onion
Hack Townhacktowns3sba2xavxecm23aoocvzciaxirh3vekg2ovzdjgjxedfvqd.onion
Dark Web Hacking Forum List

Traffic Light Protocol v2.0 Released

Paper reading, "Sharing" coming out of a typewriter.

The Traffic Light Protocol (TLP) is a simple schema to facilitate effective communication and information sharing when it comes to sensitive information. The Traffic Light Protocol provides simple labeling to indicate the sharing boundaries for information recipients. The TLP lends its name from the same traffic light system used all over the word, and also adopts the familiar RED, AMBER, GREEN coloring schema to be even more readable.

Information labeling is the responsibility of the information source, and may be shared with one or multiple parties.

Changes between TLP 1.0 and 2.0

New
  • The four TLP labels MUST not contain spaces, and SHOULD be all capitals. (i.e. TLP:RED, TLP:AMBER, TLP:GREEN, TLP:CLEAR). The TLP portion of the label must remain in the original form, regardless of language being used.
  • The information source may add additional sharing restrictions above those defined by the TLP. These additional restrictions MUST be adhered to by recipients.
  • TLP now mentions its use in automated information exchange systems, i.e. MISP or IEP. It also provides TLP usage details for automated information exchanges.
  • TLP now provides definitions for Community, Organization, and Clients
Changes
  • The definitions for TLP:RED, TLP:AMBER, TLP:GREEN, and TLP:CLEAR have been redefined. See below.
  • The TLP now suggests the designation of the end of text where the TLP applies.
  • TLP:AMBER now limits information sharing to the participants organization and its clients. Using the label TLP:AMBER+STRICT restricts sharing to the organization only.

TLP Color-Coding (RGB, CMYK, and Hex)

TLPRGB: FontRGB: BackgroundCMYK: FontCMYK: BackgroundHex: FontHex: Background
TLP:RED255 43 430 0 00 83 83 00 0 0 100#FF2B2B#000000
TLP:AMBER255 192 00 0 00 25 100 00 0 0 100#FFC000#000000
TLP:GREEN51 255 00 0 079 0 1 00 00 0 0 100#33FF00#000000
TLP:CLEAR255 255 2550 0 00 0 0 00 0 0 100#FFFFFF#000000
Traffic Light Protocol (TLP) Color-coding

TLP Definitions

TLP Protocolv1.0 Definitionv2.0 Definition
TLP:REDNot for disclosure, restricted to participants only.
Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.
For the eyes and ears of individual recipients only, no further disclosure. Sources may use TLP:RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organizations involved. Recipients may therefore not share TLP:RED information with anyone else. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting.
TLP:AMBERLimited disclosure, restricted to participants’ organizations.
Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.
Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients. Note that TLP:AMBER+STRICT restricts sharing to the organization only. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:AMBER information with members of their own organization and its clients, but only on a need-to-know basis to protect their organization and its clients and prevent further harm. Note: if the source wants to restrict sharing to the organization only, they must specify TLP:AMBER+STRICT.
TLP:GREENLimited disclosure, restricted to the community.
Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not released outside of the community.
Limited disclosure, recipients can spread this within their community. Sources may use TLP:GREEN when information is useful to increase awareness within their wider community. Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. TLP:GREEN information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.
TLP:CLEARDisclosure is not limited.
Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
Traffic Light Protocol (TLP) v1.0 and v2.0 definitions

References

1. https://www.first.org/tlp/
2. https://www.rfc-editor.org/rfc/rfc2119.html