Useful Online Resources for New Hackers

March 8, 2016 HackerOne Team

Want to learn how to hack? Join thousands of others who have developed in-demand cybersecurity skills and who are earning cash from hacking. Santiago Lopez (his hacker handle is @try_to_hack) is a self-taught hacker who was the first to earn over $1,000,000 in bounties on HackerOne. He achieved this incredible milestone and he is only 19-years old.

You too can become a hacker. In fact, many people don't realize that they often have a hacker skillset already! Hackers are curious and find clever ways around obstacles in systems. The good news? There is a huge knowledge base out there to help you.

Here are a few quick free educational resources on hacking. By utilizing one (or all) of these sites you can help increase your hacking knowledge and start hunting bugs like @try_to_hack.

Hacker101: https://www.hacker101.com/ https://ctf.hacker101.com/ http://www.hacker101.com/discord

Hacker101 is our education platform that covers everything from the absolute basics of security, through to advanced topics like binary reverse-engineering and breaking cryptography in practical settings.  It does so through three methods:

  • Videos which cover the fundamentals, to turn unknown-unknowns into known-unknowns

  • CTF levels which let you take your newfound knowledge and put it into practice, expanding your skills at the same time

  • A Discord server where you can chat with other hackers, to help each other out with your respective journeys

Portswigger Web Security Academy: https://portswigger.net/web-security

This is a great resource that breaks down how a vulnerability comes to be, how it is exploited, and includes hands-on labs for each step.

Nahamsec’s Recon Guide: https://www.hackerone.com/blog/how-to-recon-and-content-discovery

This provides a great starting point to the world of reconnaissance and discovering content in the real world, pointing you in the right direction for a number of key tools and resources.

Stok’s How To Get Started In Bug Bounty: https://www.youtube.com/watch?v=CU9Iafc-Igs

If you’re intimidated by the world of bounty hunting, this video is for you. This resource really lays out a great 9-point plan to get you to where you want to be.

Bug Hunter University: https://sites.google.com/site/bughunteruniversity/

Google's Bug Hunter University is another great resource that was created by the Google Security Team. It is particularly good for use in creating great vulnerability reports.

Hacktivity: https://hackerone.com/hacktivity

There's no better resource than actually looking at closed reports. To that end HackerOne and our customers strive to make our best examples public. You can find a list of HackerOne publicly disclosed reports here.

Web Hacking 101https://leanpub.com/web-hacking-101 

Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:

  • HTML Injection
  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)
  • Open Redirects
  • Remote Code Execution (RCE)
  • Application Logic
  • and more...

Start hacking

Hackers are securing the products we use every single day. Utilize these resources to expand your knowledge about the fascinating field of cybersecurity and begin your hacker journey today.

If you're a hacker and recommend other resources, tweet at us, we’d love to share it out!

 


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

Previous Article
Fair and Transparent Hacker Invitations
Fair and Transparent Hacker Invitations

We're happy to share that, based on your feedback, we've improved the hacker invitation system for privat...

Next Article
The HackerOne Success Index - Response Efficiency
The HackerOne Success Index - Response Efficiency

Quickly acknowledging, validating, and resolving submitted issues while recognizing the researcher's effort...