Knowledge base · h4ckers.info
h4ckers.info — Learn to break things, so you can build them stronger.
A free, no-nonsense reference for security learners and capture-the-flag players. Curated tactics, a searchable glossary, and structured guides across five disciplines — written by practitioners, for the field.
Recon, in practice
Every engagement starts the same way: enumerate, then narrow. Here's a two-command opener — map the services, then fuzz for what shouldn't be there.
analyst@h4ckers:~/ctf$ nmap -sV --top-ports 100 target.lab
Starting scan...
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9
80/tcp open http nginx 1.24.0
443/tcp open ssl/http nginx 1.24.0
analyst@h4ckers:~/ctf$ ffuf -u https://target.lab/FUZZ -w words.txt
/admin [Status: 302]
/.git [Status: 200] # jackpot
analyst@h4ckers:~/ctf$ _▋What this is
No fluff, no autoplay video, no paywall — just the working knowledge you reach for mid-challenge, organized the way you actually think.
- 33+
- Glossary terms
- 5
- Skill tracks
- 100%
- Free & offline
- 0
- Trackers
- Structured by discipline. Five clean tracks, each with a mental model, curated tactics, and the tools pros run.
- Instant glossary search. A live client-side filter over every term — type a few letters, zero round trips.
- Ethics built in. Every technique is framed for authorized testing and defense.
- Offline by design. No CDNs, no third-party fonts, no telemetry — loads cold on a flight or in an air-gapped lab.
Five disciplines, one model
Pick a lane or rotate through all of them. Each track answers the same question: where does trust break, and how do you prove it?
- Web ExploitationwebThe browser is the largest attack surface on earth.4 curated tactics
- CryptographycryptoDon't roll your own. Learn to break those who did.4 curated tactics
- Binary ExploitationpwnMemory is a promise the program can't always keep.4 curated tactics
- Digital ForensicsforensicsEvery action leaves a trace. Learn to read them.4 curated tactics
- Recon & OSINTreconThe quiet phase that wins the loud ones.4 curated tactics
Forget what %n does at 2am?
The searchable glossary defines the acronyms and attacks you meet in every challenge — with a concrete example for each. Filter the entire list live, right in your browser.
One rule above all
Everything here is for systems you own or are explicitly authorized to test. Security knowledge is a tool — point it at the right targets. Practice on the legal labs we link, report what you find responsibly, and leave every system better than you found it.
Read the ethics primer