Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Learning how to hack

Steve Weis steveweis at gmail.com
Mon Aug 29 08:43:36 PDT 2016


What is the background of the students? Do they know how to program? Do
they have experience with web apps or operating systems?

If they have some basic coding and web app background, here are some
suggestions:

   - Google has a good "Web Application Exploits and Defenses" tutorial
   named Gruyere: https://google-gruyere.appspot.com/part1
   - There are dozens of Capture the Flag (CTF) competitions of varying
   difficulty.
      - Here's a list of CTFs: https://ctftime.org/ctfs
      - Here's an archive of UCSB's past CTFs:
      https://ictf.cs.ucsb.edu/pages/archive.html
      - Stripe also has good CTFs that they post the source to:
      https://github.com/stripe-ctf/stripe-ctf-2.0/tree/master/levels
      - This Square/Matasano CTF is assembly-oriented, but I liked it a
      lot: https://microcorruption.com/login
   - This is an (outdated) list of vulnerable web apps for learning
   purposes:
   http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
   - OWASP has educational and training materials, though they seem to be
   spread across several projects that you have to dig through:
   https://www.owasp.org/index.php/Main_Page
   - If the students literally want to go after bug bounties, I'd suggest
   reading through bug bounty reports by researchers. They will go into detail
   and show you the areas that are fruitful to focus on.
      - Here's a bounty hunter's guide:
      https://www.facebook.com/notes/facebook-bug-bounty/a-bounty-hunters-guide-to-facebook/946955115318715/
      - Here's an good bug bounty post:
      https://whitton.io/articles/uber-turning-self-xss-into-good-xss/
      - Here's a more typical bug bounty post:
      https://josipfranjkovic.blogspot.com/2014/12/reading-local-files-from-facebooks.html



On Sun, Aug 28, 2016 at 8:33 PM Yosem Companys <companys at stanford.edu>
wrote:

> Hi all,
>
> Some of our students are interested in learning how to hack and go
> after bug bounties.
>
> Has anyone compiled good resources for getting started? Also, has
> anyone created course syllabi to teach the subject?
>
> I don't want to reinvent the wheel, if the resources are already out there.
>
> Thanks,
> Yosem
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20160829/9b918b1a/attachment.html>


More information about the liberationtech mailing list