July 2012 - July 2022

HackFlag.org

Todo List Mobile App Redesign

Summary

HackFlag, a Dutch ethical hackers forum that I created, became the largest hackers community within the Netherlands and Belgium. With nearly 8,000 members and over 100,000 posts, HackFlag stood as a testament to the collective passion and engagement of its dedicated participants. This page aims to shed light on the motivations that sparked this significant project, the challenges I faced and worked through, the persistent passion that fueled my efforts, and the invaluable lessons I obtained from this incredibly enriching experience.

HackFlag also appeared in the press multiple times.

Introduction

L33thackers.nl: HackFlag's predecessor

In 2009, I recognized a significant absence of notable Dutch hackers forums, despite the existence of several popular English counterparts. Curious about this disparity, I questioned fellow Dutch hackers about their thoughts on the matter. Many responded with the belief that previous attempts had been made but failed to gain traction in the Dutch market. However, I remained unconvinced and felt compelled to create a Dutch hackers forum of my own.

Taking matters into my own hands, I embarked on the journey of building a website from scratch. With a team of appointed moderators, we diligently curated and generated content to attract Dutch hackers to our community. Our proactive efforts quickly yielded results as the website gained visibility on search engines, and its popularity soared. In a relatively short span of time, the community grew to over 3,000 members within 1.5 years.

At the time of launching the forum, I was only 17 years old and underestimated the importance of guiding and keeping everyone on the right path. As the community expanded, it naturally attracted individuals with varying intentions, including those involved in criminal activities. Recognizing the potential risks and unwilling to associate the forum with any criminal organization, I made the difficult decision to discontinue the project after 1.5 years. It was crucial to ensure that the website did not deviate from its original purpose and principles.

Despite the forum's closure, its impact was significant. The initiative demonstrated the viability and demand for a Dutch hackers community, as well as the potential for knowledge sharing and collaboration among ethical hackers. It taught me invaluable lessons about the responsibility of managing an online platform and the need for proactive measures to maintain its integrity.

The start of HackFlag

After discontinuing L33thackers.nl, I came to the realization that there was a genuine need in society for an ethical hackers community. I envisioned an educational platform that not only taught hacking skills but also actively motivated individuals to stay on the right path.

With this vision in mind, I embarked on a new venture in 2012 and created HackFlag.org. News of the successor to L33thackers spread rapidly, igniting excitement within the community. The website became instantly active upon its launch and quickly gained visibility on search engines, including Google.

During its 10-year lifespan, HackFlag garnered an impressive membership of nearly 8,000 individuals and facilitated the creation of over 100,000 posts. This achievement solidifies its position as the biggest hackers community in the Netherlands and Belgium. The initial five years were particularly vibrant, with a high level of engagement and interaction. However, as time passed, there was a shift in societal interests, and online forums in general experienced a decline in popularity. Coupled with our evolving priorities, we made the decision to gradually scale back our investments in the project, allowing it to naturally wind down. Nevertheless, the website remains accessible, and occasional user-generated content continues to be posted.

HackFlag.org stands as a testament to the thriving community it once was, fostering ethical hacking education and providing a platform for knowledge exchange. Its impact during its active years was substantial, with countless individuals benefiting from the resources, discussions, and shared expertise. While its activity has diminished over time, the legacy of HackFlag.org remains an integral part of the ethical hacking landscape.

Content

In this image, you'll notice the diverse array of categories available on HackFlag. Users can simply click on any of these categories to access a subforum dedicated to specific topics within that subject.

For new users, navigating the subforums on HackFlag, which include both question-based and tutorial-based topics, can sometimes feel a bit disorganized. To address this, we have developed a dedicated page that provides a comprehensive list of all the tutorials for each category. The image below showcases a glimpse of this list, while the scrollbar on the top right corner indicates the extensive content available on HackFlag. This illustrates the substantial amount of valuable information and resources within the community. In total, we have over 1,100 tutorials written by our community.

One of the most common inquiries from new users on HackFlag is, "Where do I begin?". This question is completely understandable, since people are accustomed to teachers providing guidance on what to learn and the sequential order, similar to how it functions in a school setting. However, on the internet, there isn't a predefined path or someone instructing you on what you "must" learn and in what specific order. This lack of structure can be bewildering. To assist newcomers in navigating this seemingly chaotic realm and our community, we have established an extensive array of topics. These topics serve as a starting point and provide a framework for users to explore and learn within the world of ethical hacking.

Link and Dutch titleEnglish translation
Welkom op HackFlag!Welcome on HackFlag!
De regels & richtlijnenThe rules and guidlines
Veelgestelde vragen (FAQ)Frequently Asked Questions (FAQ)
Waar moet ik beginnen?Where do I start?

In these guiding topics, we seize the opportunity to educate users about the boundaries of ethical hacking and clarify what is considered permissible and impermissible within this realm. We consider it our responsibility to guide them and ensure they stay on the right path.

We also observed that new users are often eager to engage in hands-on activities rather than solely reading extensive content and waiting to be able to ethically apply that knowledge. To address this, we have introduced an immediate starting point to keep them motivated and ignite their thirst for further learning. We developed a fictional school system within our platform, allowing users to practice basic SQL injections by attempting to modify their grades. This topic can be accessed here.
Within this topic, we have incorporated videos for those who prefer an audiovisual experience over reading. These videos are available in Dutch, and here they are:

Community

Due to the vibrant activity of the forum in the past, users spent a significant amount of time engaging with each other on the website on a daily basis. We became an integral part of each other's lives, which naturally sparked a desire to communicate through channels beyond the website. To facilitate this, we introduced a shoutbox where members could chat and created @hackflag.org email addresses that could be used to log in to MSN Messenger. Additionally, we established our own IRC server, which was later replaced by a Discord server. Members also found alternative means of communication, such as Signal, Telegram, or WhatsApp. Some of these groups remain active to this day, even though the website itself is no longer actively visited. As this desire for deeper connections and increased engagement within the community grew, we quickly realized the potential of organizing real-life meetings. Following the success of our initial gathering, it became evident that regular meetups were essential. Here are some pictures from these memorable occasions:


This picture from 2012 captures a moment where, as the administrator at the age of 20, I was being lifted up in celebration of my role within the community.

Our community consisted of members spanning various age groups. In this particular picture, you can see members as young as 11 years old, for whom we ensured parental permission before their participation. I am positioned as the person on the far left in this image.

At the museum.

In this picture, the cartoon ghost was cleverly edited in by one of our members as a joke. It symbolizes the presence of another member named "Ghost", who joined the group after the photo was taken.

Although our community predominantly comprised boys and men, our community was more diverse than that. Promoting a more diverse and inclusive audience, particularly encouraging the participation of women in the field of cybersecurity, was a significant focus for us. Therefore, we actively made efforts to ensure their inclusion and involvement within our community.

Examples of activities I organized are:

  • Bowling
  • Lasergaming
  • Eating together
  • Drinking together
  • BBQing
  • Game night
  • Going to event together, such as Campus Party NL and Queensday
  • A weekend in Belgium, full of fun activities
  • Educational meetings featuring members who prepared Powerpoint presentations. The presentations were live streamed through our website to ensure widespread accessibility for everyone to benefit from the knowledge shared

During our meetings and activities, we recognized our responsibility to create a safe and inclusive environment for all participants. This included measures to prevent underage drinking, as we wanted to avoid any toxic situations influenced by peer pressure. If we observed any underage individual attempting to consume alcohol or any member offering alcohol to a minor, we took immediate action by confiscating the drink and issuing a final warning. Furthermore, we made conscious efforts to ensure that all members, including those who were more introverted, felt included and valued. We actively engaged them in conversations and activities, ensuring that their voices were heard and respected. Fortunately, these concerns were rarely an issue due to the naturally positive and welcoming atmosphere that permeated our meetings.

Ethics

As mentioned repeatedly, HackFlag was an ethical hackers forum, and to maintain its ethical nature, we implemented various measures and remained vigilant against content that could violate our community standards. The greatest challenge we faced was not only keeping the website clean and protecting it from malicious individuals but also determining where to draw the line.

Hacking has always existed in a gray area, but over the years, public opinion has shifted from "all hacking is bad!" to recognizing the need for ethical hackers to counteract malicious ones. This acknowledgment led to the identification of white hat hacking, which involves ethical hacking to identify vulnerabilities and address them before black hat hackers can exploit them. Black hat hacking, on the other hand, refers to unauthorized and malicious activities aimed at exploiting vulnerabilities.

In summary, white hat hacking is considered good, while black hat hacking is seen as bad. The challenge lies in the fact that both forms require similar knowledge. Even if members post topics about white hat hacking, the content can still be misused for black hat purposes, potentially portraying the forum as a criminal organization providing manuals for criminals.

To prevent this misconception, it is crucial for authors to clarify their intention with every post, emphasize that the information is solely for educational purposes, outline how the knowledge should be used responsibly, and provide clear solutions and security measures. This approach not only clarifies the author's intention but also discourages any misuse of the knowledge, motivating readers to utilize it for positive purposes.

To ensure clarity, we enforced the inclusion of clear warnings in every post and compliance with other specified requirements. Although this provided substantial clarity regarding the author's intention, it wasn't foolproof. We encountered instances where members attempted to deceive by creating posts clearly intended for malicious purposes but including a warning to feign educational intent. Consequently, we disallowed content that was highly likely to be relevant only for malicious purposes, such as DDoS attacks, fraud, and the sale of personal details.

Determining what content was highly likely to be intended for malicious purposes was an ongoing topic of debate on HackFlag. We recognized that while rules can be convenient, they are not infallible. These discussions and striking a careful balance between the value of knowledge, the likelihood of abuse, and the potential impact of such abuse became crucial.

Our struggle mirrored that of other prominent websites like Facebook in deciding which content to allow or prohibit. Simultaneously, it served as a valuable learning experience that has provided me with the opportunity to share my insights and expertise by being invited to give talks on how we navigated and addressed these challenges.

My presentation on this topic at Leiden University during the "Avond van Cleveringa 2016" event

In addition to this challenge, we placed great emphasis on ensuring that our members were well-informed about the purpose of our website, the rules in place, and the potential consequences of violating them. With a dedicated team of moderators, we were able to promptly address any instances of abusive content or behavior, enabling us to maintain our focus as an educational platform.

Press

Due to its prominent position in the hackers scene, HackFlag has garnered attention from various media outlets. Below is a non-exhaustive list of publications and platforms where HackFlag has been featured:

Newspapers and magazins


Online news websites


Television

Netherlands

Belgium

What I have learned

The HackFlag journey has been a significant part of my life, spanning a remarkable 10 years that began at a young age. It has been a truly transformative experience, shaping my leadership abilities, honing my management skills, fostering community-building, and fueling my passion for educational platforms, ethical hacking, and positive impact in the cybersecurity field. As I reflect on this meaningful chapter, it evokes a mix of emotions, leaving behind a lasting impact and a profound sense of gratitude.

Below is a non-exhaustive list of skills and insights that have been enhanced through my experience with HackFlag. These skills highlight the diverse range of learnings and growth opportunities that this journey has provided.

  • Leadership:
    Nurturing and leading a thriving online community, managing conflicts, and fostering collaboration among diverse individuals.
  • Problem-solving:
    Tackling intricate cybersecurity challenges, analyzing vulnerabilities, and devising innovative solutions.
  • Ethics and Responsibility:
    Upholding ethical standards, educating members on responsible hacking practices, and advocating for positive impact within the cybersecurity field.
  • Community-building:
    Creating a welcoming and inclusive environment, promoting active participation, and fostering meaningful connections among members.
  • Event Organization:
    Planning and executing successful meetings, workshops, and educational events to engage and inspire the community.
  • Communication:
    Effectively conveying complex technical concepts to diverse audiences, both in writing and in person.
  • Adaptability:
    Navigating evolving technological landscapes, staying updated with emerging trends, and embracing continuous learning.
  • Critical Thinking:
    Evaluating information, identifying potential risks, and making informed decisions to protect systems and users.
  • Collaboration:
    Working closely with a diverse range of individuals, fostering teamwork, and leveraging collective knowledge for shared goals.
  • Education:
    How people learn, process information and the various forms in which knowledge can be presented to motivate different types of persons
  • Presentations:
    Developing effective presentation skills through delivering engaging talks during HackFlag meetings and external events, effectively conveying the mission and accomplishments of HackFlag, and inspiring others with the journey and insights gained from this remarkable experience.
  • Feedback Management:
    Cultivating the ability to handle feedback constructively, actively listening to various viewpoints, and developing the discernment to effectively incorporate valuable insights while filtering out feedback that may not align with the intended goals or provide constructive contributions.
  • Technical Proficiency:
    Acquiring a range of technical skills, including the ability to set up and configure a forum according to specific requirements, adapt and customize its functionality, and modify the appearance to align with evolving needs and desired user experience.

Conclusion

As this chapter draws to a close, I am filled with profound gratitude, nostalgia, and a sense of anticipation for the road ahead. HackFlag has been more than just a forum; it has been a life-changing experience that has shaped my character, skills, and aspirations. The valuable lessons I've learned, both professionally and personally, will serve as guiding principles as I carry the spirit of HackFlag within me. I am truly grateful for the connections forged, the cherished memories created, and the immeasurable learning that this extraordinary community has gifted me.

Made in Webflow