Hacker101: Free class for web security. Let’s break some stuff

Jan 24, 2018 · 2 min read

I’ve been hacking for a long time. Ever since I can remember, I’ve enjoyed the thrill of sharing knowledge and collaborating with other hackers. In this world, there’s always something new to learn and something new to teach.

That’s why 5 years ago, I created a syllabus and launched the course: Breaker 101. It started with a syllabus and a single post on Hacker News. I didn’t know if anyone was going to sign up … and then it sold out that afternoon.

I never thought that it would take off the way it did. I was able to work with hundreds of students, assisting them in their learning journey and helping them get placed in quality infosec jobs.

I was hooked and I knew I wanted to grow it into something more, bigger, better. That was a big reason why I joined HackerOne. I could not be more happy to be part of this team and be able to provide to you — for free — all my original content.

Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.

As of today, there are 14 sessions in Hacker101, covering:

  • Tools of the trade
  • Cross-site scripting
  • Cross-site request forgery
  • SQL injection
  • Fundamentals of the web and how they impact security
  • Directory traversal
  • Command injection
  • Session fixation
  • Clickjacking
  • File inclusion
  • File upload vulnerabilities
  • Crypto fundamentals and how to break commonly seen crypto
  • And much, much more

But it doesn’t stop there. I’m going to be adding a lot more content, with the help of some of my HackerOne colleagues and community members. As of now I plan to release content about once every two months and I’d love to get your feedback on what I should cover next.

To start, here are a few ideas I have:

  • How to threat model without wasting time
  • How to write great bug reports
  • Mobile application testing
  • Bypassing certificate pinning
  • Identifying dangerous storage of data
  • Finding unintentionally exposed data
  • Bypassing geofencing
  • ROP, JOP, and other modern exploitation techniques
  • Using the GPU to break kernels

You can check out the Hacker101 page for the course syllabus and links to all the content.

The HackerOne community is strong. I’m here to make it stronger, and do my part to help build better hackers.

Got some cool content you’d like to see added? Let us know! And tweet at me with #hacker101 — I’d love to hear how you like it and how we can improve because we’re just getting started!

Happy breaking,

- Cody Brocious (Daeken)
