[liberationtech] Learning how to hack
Cecilia Tanaka
cecilia.tanaka at gmail.com
Mon Aug 29 09:30:30 PDT 2016
Wow!!! Really awesome compilation, Steve! Thank you with all my heart and
soul! <3 <3 <3
I promise I will study more and explode less things! But I will always
play with lights to enlighten hearts in the dark and make children
smile... Happiness is a LED blinking! :D
Love, books, music, soldering and LEDs!
Ceci
On Aug 29, 2016 12:44 PM, "Steve Weis" <steveweis at gmail.com> wrote:
>
> What is the background of the students? Do they know how to program? Do they have experience with web apps or operating systems?
>
> If they have some basic coding and web app background, here are some suggestions:
> Google has a good "Web Application Exploits and Defenses" tutorial named Gruyere: https://google-gruyere.appspot.com/part1
> There are dozens of Capture the Flag (CTF) competitions of varying difficulty.
> Here's a list of CTFs: https://ctftime.org/ctfs
> Here's an archive of UCSB's past CTFs: https://ictf.cs.ucsb.edu/pages/archive.html
> Stripe also has good CTFs that they post the source to: https://github.com/stripe-ctf/stripe-ctf-2.0/tree/master/levels
> This Square/Matasano CTF is assembly-oriented, but I liked it a lot: https://microcorruption.com/login
> This is an (outdated) list of vulnerable web apps for learning purposes: http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
> OWASP has educational and training materials, though they seem to be spread across several projects that you have to dig through: https://www.owasp.org/index.php/Main_Page
> If the students literally want to go after bug bounties, I'd suggest reading through bug bounty reports by researchers. They will go into detail and show you the areas that are fruitful to focus on.
> Here's a bounty hunter's guide: https://www.facebook.com/notes/facebook-bug-bounty/a-bounty-hunters-guide-to-facebook/946955115318715/
> Here's a good bug bounty post: https://whitton.io/articles/uber-turning-self-xss-into-good-xss/
> Here's a more typical bug bounty post: https://josipfranjkovic.blogspot.com/2014/12/reading-local-files-from-facebooks.html
>
>
> On Sun, Aug 28, 2016 at 8:33 PM Yosem Companys <companys at stanford.edu> wrote:
>>
>> Hi all,
>>
>> Some of our students are interested in learning how to hack and go
>> after bug bounties.
>>
>> Has anyone compiled good resources for getting started? Also, has
>> anyone created course syllabi to teach the subject?
>>
>> I don't want to reinvent the wheel, if the resources are already out there.
>>
>> Thanks,
>> Yosem