Who we are and what we do
We are a group of international hackers.
We do IT security work. We are not for hire. All of our work is for the public.
We research and publish tools and academic papers to expose fishy IT security that just isn’t secure. We also develop and publish tools to help the IT Security movement.
Active Projects (2020)
- IPv6 attack tool kit
- Cloud based Encrypted File System
- THC’s favourite Tips, Tricks & Hacks / Cheat Sheet
- IT Security and Privacy for the rebellions of the world
Our Greatest Hit’s:
2020 - THC's Cheat Sheet 2019 - Security advise for non-hackers and rebellions of the world 2015 - AFLplusplus, a free and fast software fuzzer 2011 - SSL-DoS, a resource exhaustion attack to take down HTTPS servers 2008 - Tools to copy and forge an ePassport (RFID passport) 2007 - Tools to receive GSM signals and to break and decode A5/1 encryption 2005 - IPv6 attack tools 2004 - Various Microsoft ISS remote exploits 2003 - Amap, world’s first application protocol scanner 2002 - Linux Kernel-level key logger 2000 - Hydra, world’s first parallelised network logon cracker 1999 - First Solaris Kernel Module Root Kit 1998 - Reverse WWW shell as seen on Mr. Robot/TV 1995 - Various phreaking tools and a credit card generator for DOS and Win95 1994 - <redacted>
Beside our public work we engage with some leading IT Security companies to push security into the right and meaningful direction. We have been editor in chief of the phrack magazine and occasionally speakers at conferences. We have contributed to various Internet Standards through our engagement with the Internet Engineering Task Force and other organisations.
The best way to meet us is at one of the IETF meetings or a hacker convention such as HITB or the CCC Congress.
Since 1995 we have had 3 of our members arrested (0 convicted), we have had visits by the BKA (Germany’s FBI) and BND (Germany’s NSA), we were blackmailed by the British GCHQ and harassed and intimidated by many others. We do not see ourselves as criminals. We believe that those who write unsecure software that put citizens at risk should be held liable.