Search Mailing List Archives
[liberationtech] Learning how to hack
steveweis at gmail.com
Mon Aug 29 08:43:36 PDT 2016
What is the background of the students? Do they know how to program? Do
they have experience with web apps or operating systems?
If they have some basic coding and web app background, here are some
- Google has a good "Web Application Exploits and Defenses" tutorial
named Gruyere: https://google-gruyere.appspot.com/part1
- There are dozens of Capture the Flag (CTF) competitions of varying
- Here's a list of CTFs: https://ctftime.org/ctfs
- Here's an archive of UCSB's past CTFs:
- Stripe also has good CTFs that they post the source to:
- This Square/Matasano CTF is assembly-oriented, but I liked it a
- This is an (outdated) list of vulnerable web apps for learning
- OWASP has educational and training materials, though they seem to be
spread across several projects that you have to dig through:
- If the students literally want to go after bug bounties, I'd suggest
reading through bug bounty reports by researchers. They will go into detail
and show you the areas that are fruitful to focus on.
- Here's a bounty hunter's guide:
- Here's an good bug bounty post:
- Here's a more typical bug bounty post:
On Sun, Aug 28, 2016 at 8:33 PM Yosem Companys <companys at stanford.edu>
> Hi all,
> Some of our students are interested in learning how to hack and go
> after bug bounties.
> Has anyone compiled good resources for getting started? Also, has
> anyone created course syllabi to teach the subject?
> I don't want to reinvent the wheel, if the resources are already out there.
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech