Dark web forums (DWF) allow members to discuss illegal activity freely. Meanwhile, dark web hacking forums are a place where hackers share malicious code, data dumps, and TTPs.
The discussion in forums is usually about small scams and cheap fraud techniques to make a quick buck. However, they can still provide an excellent intelligence source for cybersecurity enthusiasts.
Hacking forums are here to stay. Even if a forum gets taken down by law enforcement, a new one usually emerges soon after under a new name.
Here are the top five hacking forums on the dark web that cybersecurity enthusiasts should know about:
Breached is the successor of the now-defunct Raidforums. The forum has thousands of active users and is known for having the largest trading, sharing, and selling of compromised data. It contains a variety of threat actors, the vast majority of whom are script kiddies (unsophisticated threat actors).
In the “Databases” section of the forum, you can find 80 datasets containing over 1 billion records. If you want to avoid having your data end up on a dark web forum like Breached, use zero-knowledge-encrypted cloud storage to store and back up your data.
Being a forum member is free, making it easy to track the latest developments. However, there is a premium subscription that may contain valuable intelligence on possible attacks. This is typical for most hacking forums.
XSS is a Russian-speaking forum considered one of the most popular and highly professional hacking forums on the dark web. It was created to share exploits, vulnerabilities, and malware. Most of the topics on the forum cover hacking and financial fraud. It’s one of the oldest hacking sites dating back to at least 2013. It relaunched in 2018 after one of its administrators was arrested in 2017.
The forum is an excellent source for learning the latest techniques cyber criminals are using. Despite being in Russian, you can use Google Translate to see what’s happening in the threads. Many famous ransomware gangs, such as REvil and DarkSide, have used the forum to enlist new partners into their operations. This led XSS admins to ban all ransomware discussions from the forum in 2021.
The exploit is another almost exclusively Russian-speaking forum. It is more high-scale than most other forums as it includes discussions from sophisticated threat actors, some of which are nation-states. Although discussion threads may reveal some plans and techniques, due to the sensitivity of the information, most communication between hacker groups takes place in encrypted group chats.
The forum was established in 2005, making it one of the most long-running hacking forums. Unlike the previous two forums, Exploit.in isn’t free, as it costs $100 to join and access its contents. It’s important to remember not to get involved in any discussion on the forum, as it may get you into legal trouble. It’s best to stick to reading and learning.
Exploit.in also has a marketplace selling VPN, initial access, and other tools, making it a favorite for ransomware attacks.
If you’re familiar with Reddit, you’ll have no trouble navigating through Dread – the Reddit of the dark web hacking world. Like the mainstream website, Dread has topics on hacking, including how-to guides, data leaks, and everything in between. Consider investing in a password manager to avoid exposing your credentials to a site like Dread.
Another unique thing Dread has over other forums is the ability to create sub-communities. One community that may be useful to cyber enthusiasts is /d/onions, a great source of onion links, including other hacker forums.
Between everything you find on the site, you can get a pretty good idea of the latest techniques hackers are trying. To enter the site, you only need to complete a quick CAPTCHA.
Although mainly used for learning, Hackforums is a forum that has facilitated criminal activity in the past. One example is the case of Zachary Shames, selling a keylogger on the site used to steal personal information.
Despite a few exceptions, HF is mainly where a younger audience can learn new techniques and occasionally turn malicious. Since the site is in English, it attracts an international audience. Despite its popularity, it’s not the best source of threat intel since most of its users are non-malicious script kiddies.
Finding other hacking forums
The dark web forums in this article are some of the most popular, but there are still plenty of others. With the rate at which the forums keep getting shut down, you need a reliable way to find the latest and most active hacker forums.
Apart from Dread, some other reliable sources include:
Another great way to discover new forums is to look for links to other websites in discussion threads and comments from the forums mentioned in this article. Users usually cross-link posts from different forums to further their discussion.
The internet is only 0.03% of all internet activity. The other 99.7% belongs to the dark web. The dark web is particularly interesting if you’re a cybersecurity enthusiast. Hackers are very active there, exchanging intel and selling tools. Dark web hacking forums are a great source of threat intelligence, giving insights into hackers’ latest techniques to attack organizations.
Freelancer Michael Franco writes about the serious and silly sides of science and technology for CNET and other pixel and paper pubs. He’s kept his fingers on the keyboard while owning a B&B in Amish country, managing an eco-resort in the Caribbean, sweating in Singapore, and rehydrating (with beer, of course) in Prague. E-mail Michael.