New Hacker101 Content: Threat modeling, Burp basics, and more

May 25, 2018 Cody Brocious

Since January, thousands of hackers have expressed their enthusiasm for the first Hacker101 content drop (almost 80,000 total video views and more than 8,800 stars on GitHub in just five months!). Now it's time to take things to the next level. We've prepared amazing content through the end of the year and will be releasing one lesson a month, starting this month. Our early content demonstrates how to identify and exploit some of the most common bugs.

Now we're expanding with two big goals: teaching you how to explore an application to find deeper and more interesting bugs and showing you how to get paid the highest possible bounty by writing the best possible reports. Proper application of these techniques will help you find better bugs, make more money, and make the internet safer.

Planned Content for the remainder of 2018 (download the syllabus):

  • May                           Lightweight Threat Modeling
  • June                         Writing Good Reports
  • July                            Introduction to Burp Suite
  • August                     Intermediate Burp Suite Techniques
  • August                     Advanced Burp Hacks for Bounty Hunters
  • September           Secure Architecture Review
  • October                  SSRF
  • November             Source Review Techniques
  • December             Cookie Tampering Techniques & XML External Entity Attack

I hope you're as excited as I am about the lessons to come! You can view all the lessons on GitHub.

Happy breaking,

- Cody Brocious (Daeken)


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

Previous Article
Hacker-Powered pen tests at the U.S. Federal Customer Stories: Government
Hacker-Powered pen tests at the U.S. Federal Customer Stories: Government

When looking for a model to inform your own security posture, the Department of Defense would be a good pla...

Next Article
Hacker Q&A with Rachel Tobac: Hacking Companies Through Their People
Hacker Q&A with Rachel Tobac: Hacking Companies Through Their People

CEO and Co-founder of SocialProof Security, Rachel Tobac hacks people. Using a phone, email, and an approac...