HackerOne expands Hacker101 web training platform with HackEDU partnership

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

HackerOne has expanded its online hacker training program, Hacker101 through a partnership with cybersecurity training company HackEDU. Hacker101 is giving away the sandboxed training environments, modeled after five real-world vulnerability reports. HackerOne and HackEDU are committed to empowering the hacker community by providing access to training materials.

The new HackEDU-developed vulnerability sandboxes are the latest in their interactive coursework available to hackers and join existing Hacker101 interactive content, coursework and capture the flag (CTF) challenges.

The first five featured vulnerability sandboxes were inspired by some of the popular publicly disclosed reports on HackerOne’s Hacktivity. With over 6,000 vulnerability reports listed, Hacktivity is the public activity feed of vulnerabilities found, rewarded, resolved and disclosed. The five sandboxes available feature the following replicated vulnerabilities:

  • Clickjacking vulnerability that can be used to create a worm,
  • XXE vulnerability that can be exploited to steal files,
  • Remote code execution (RCE) vulnerability on a server,
  • SQL injection attack using sqlmap that steals data,
  • XSS attack that causes a user to send you data without their knowledge.

These Hacker101 training environments were designed and developed by HackEDU for hackers or developers interested in practicing real-world hacking techniques in a safe and legal environment. Since HackerOne’s Hacker101 launched in January 2018, thousands of individuals have become better hackers by participating in the challenges and coursework.

“Hacking is a highly sought after skill, but it is not always clear how to get started or advance to the next level. This is why we started Hacker101,” said Cody Brocious, HackerOne security researcher and Head of Hacker Education. “Now with HackEDU’s sandboxes and interactive lessons, hackers can test their skills like never before. With simulated real-world bugs — originally discovered by top bug hunters in the community — you will learn something new with these latest sandboxes, no matter your skill level.”

“HackEDU is proud to offer real-world applications with real-world vulnerabilities found on HackerOne’s platform,” said Jared Ablon, HackEDU’s CEO. “With this addition to HackEDU’s current offerings, users can explore how vulnerabilities manifest themselves in applications that people use everyday which enhances the learning process for both attackers and defenders.”

Hacktivity Sandboxes are now available along with HackEDU’s other current content offerings of both public vulnerabilities and Secure Development Training. All of these courses are now available for tailoring programs for software developers, security champions, and application security professionals.

New HackerOne private program invites from Hacker101 CTF flags

Hacker101 recently introduced the Hacker101 CTF as a new way for hackers to apply their skills to real-world challenges. Now finding flags in the CTF will allow hackers to earn invitations to ongoing private customer bug bounty programs on HackerOne. Since the launch, nearly 9,000 hackers have participated in the CTF and found over 22,000 flags.

With over 250,000 hackers registered, HackerOne hosts the world’s largest community of trusted hackers. These hackers have earned more than $40M in bounties for reporting over 100,000 security vulnerabilities to HackerOne’s more than 1,200 customer programs, including the U.S. Department of Defense, Github, Spotify, General Motors, Starbucks and Coinbase.

The world needs hackers now more than ever. Approximately 4.5 billion records were lost or stolen in the first six months of 2018 as a result of 945 breaches worldwide, according to recent research. By working with hackers to find unknown vulnerabilities, organizations are fixing security issues reported by the hacker community before they can be exploited.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.