Nostalgic survey of late-90s/early-2000s hacking tools – Back Orifice, Sub7, Netcat, IRC C2 – arguing their architectural ideas still define modern threat actor tradecraft.
Key Takeaways
Sub7, written in Delphi by Romanian teenager mobman (1999), used ICQ notifications and an IRC bot for C2 – a direct conceptual ancestor of cloud-service C2 frameworks.
Back Orifice (1998) and BO2K (1999) were functionally superior to legitimate remote admin tools of their era; BO2K shipped open source with plugin support and encrypted comms.
Netcat, Nmap, John the Ripper, Cain & Abel, and Aircrack all date to this period and remain on every pentester’s machine in 2026.
Italy’s Operation Hardware 1 (May 1994) raided 119 Fidonet nodes to reach two suspects, confiscating modems, floppies, and at least one power strip – the crackdown accelerated migration to IRC.
The lasting lesson is architectural rather than a matter of technical sophistication: C2 traffic is blended into existing legitimate infrastructure (IRC then, Slack/Telegram/Google Drive now).
Hacker News Comment Review
Commenters flagged notable omissions from the tool survey: SoftICE, IDA, W32Dasm, and OllyDbg – core reverse-engineering tools that defined the same era but received no coverage.
Complaints about the ad experience also surfaced, with one commenter noting the site is unreadable without uBlock Origin and Reader View.
Notable Comments
@deweywsu: calls out missing reverse-engineering tools: “What, no mention of SoftIce or IDA? What about W32Dasm? OllyDBG?”