Building a Hacker Community
The importance of building a hacker community
Being back in-person for DEFCON 2022 this August was a meaningful reminder of the importance of the hacker community for knowledge sharing and collaboration.
Everything about DEFCON has a built-in sense of community: from people getting in line for lobbycon to pick up their badges, to the excitement of all the different CTFs organized by villages. It’s also an amazing feeling to see everyone back again, hanging out in their favorite villages and going to talks. The experience reminded me of how much I value hacking culture and the connections I’ve built with other hackers throughout my career.
Growing up, online forums for hackers always acted as an important source of learning for me. Yet, it took me longer to realize the power online hacking communities had for collaboration. As a kid, I read through the forums and bulletin boards like SecurityFocus, Milw0rm, and more, and tried to absorb as much as possible. I didn’t understand these forums as collaborative environments until my late teenage years when I started contributing myself, and building my own community.
My professional life has been dedicated to connecting hackers to each other or enabling virtual networking events that connect hackers with career opportunities. One of the first white hat community hacking events I organized was a Skype group which connected 8-15 of my hacker friends.
The group was the foundation for what would eventually become Bug Bounty forum, a Slack channel I created with Olivier Beg that now has over 1000 members. These earlier projects were a result of my personal drive to be better connected with the hacker community. As I started these initiatives I realized others found the connection beneficial to their own growth and knowledge as well.
The power of community hacking
Like any community, the hacker community helps you to connect with people who are passionate about the same content you are, so you can collaborate on new ideas. There are hackers who have gotten together to create or contribute to already built tools/datasets like nuclei and amass. You can even see hackers collaborating to find vulnerabilities in SaaS products or bug bounty programs. I’ve personally collaborated with brilliant people like ziot and daeken to hack a number of large companies through PDF generators, including Lyf, Snapchat, and more!
The power of hackers working together produces results that affect a broader demographic of internet and end-device users than most people realize. One of my favorite collaborations of all time was with Sam Curry, Brett Buerhaus, Samuel Erb and Tanner Barnes. We spent 3 months working together and hacking on the Apple bug bounty program, and found vulnerabilities that would have allowed attackers to compromise customer and employee applications and control warehouse software, among others. You can read Sam Curry’s in depth blog about the experience, ‘We Hacked Apple for 3 Months!: Here’s What We Found.
The point of joining and contributing to a community of hackers is not only to learn and teach each other, but also to help the industry move forward. Collaborating on techniques that have already been discovered or developing new industry standards is critical to keep up with the ever changing landscape of cybersecurity.
The hacker community at DEFCON
While online hacking communities are powerful spaces for knowledge exchange, the physicality of DEFCON is special because it brings people across the world together. DEFCON appeals to a broad audience, because you get to simply ‘hangout’ with people who have the same niche interests you do.
DEFCON goes a step further by creating sub communities within its own community where individuals with different skills and interests can demonstrate the research they’ve been working on. Personal favorites this year for me included Recon, Red Team, IoT , and AppSec villages. Hacking can be a solitary activity, and DEFCON reminds you that you are part of something larger.
At Hadrian, I’ve been lucky enough to introduce other younger hackers to in-person events like DEFCON. It’s a great feeling to be able to introduce new people to the community, and to help them make a difference in an industry they are passionate about.
A highlight of the week was watching one of our younger hackers, Jasper Insinger, give a talk, ‘Sonic scanning: when fast is not fast enough’, about building high speed DNS brute-forcers. Seeing the research being done by young people in the field truly hits home the constant innovation that is the keystone to hacking.
How to join the hacker community
There are many different hacking communities online, that hackers, both new to the industry or more experienced, can join. Almost every state or country has its own local BSides conference which brings local hackers together.
If you don’t live in a major city you can always try joining a discord or Slack group. Many hackers and content creators, including myself, have a Discord channel, and so do most niche security communities and conferences. Personal favorites include Hacker101, Red Team Village, HackTheBox, and TryHackMe discords.
Overall, the return to in-person DEFCON reminded me just how powerful a tool hackers can be when they collaborate with each other!
Ben Sadeghipour is VP of Community and Research at Hadrian. Ben is known online as @NahamSec as a hacker and content creator. Ben has been working in the industry for over 8 years and is passionate about offensive security, reconnaissance, and helping others get started with ethical hacking. Previous to joining Hadrian, Ben was the Head of Hacker Education at HackerOne, providing educational content and hands-on labs for hackers and bug bounty hunters on Hacker101.
Want to join the Hadrian community and work with hackers like Ben? Hadrian is always looking for new hacking talent. Apply here!