Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
Additionally, we have a CTF (Capture The Flag) where you can hunt for bugs and experiment with exploitation in practice. You can access that here.
Sessions:
- Introduction
- The Web In Depth
- XSS and Authorization
- SQL Injection and Friends
- Session Fixation
- Clickjacking
- File Inclusion Bugs
- File Upload Bugs
- Null Termination Bugs
- Unchecked Redirects
- Password Storage
- Crypto series
- Threat Modeling
- Writing Good Reports
- Burp Suite series
- Secure Architecture Review
Vulnerabilities:
- Clickjacking
- Command Injection
- Cross-Site Request Forgery (CSRF)
- Directory Traversal
- Local/Remote File Inclusion
- Improper Authorization
- Insecure Password Storage
- Improper Handling of Null Termination
- Padding Oracle
- Reflected Cross-Site Scripting (XSS)
- Session Fixation
- SQL Injection
- Stored Cross-Site Scripting (XSS)
- Stream Cipher Key Reuse
- Subdomain Takeover
- Unchecked Redirect
Note: The coursework is deprecated in favor of the Hacker101 CTF and will be removed on October 1, 2018.
- Level 0: Breakerbank
- Level 1: Breakbook
- Level 2: Breaker Profile
- Level 3: Breaker CMS
- Level 4: Breaker News
- Level 5: Document Repository
- Level 6: Student Center
- Level 7: Guardian
- Level 8: Document Exchange
See our FAQ list at https://www.hackerone.com/hacker101 or email [email protected] with questions or suggestions. Thanks!