THINK of “hackers” and people usually mean the bad guys who wreak havoc on the internet to steal information and data for money, or for intelligence gathering.
Using computers, a “hacker” is a person who attempts to gain access to data.
But not all hackers are bad. The bad are called “Black Hat Hackers” and the good are “White Hat Hackers.”
Black Hat Hackers are also called other names, cybercriminal, pirate, computer criminal, keylogger, keystroke logger, etc. They can either be non-state actors or state actors.
In the case of White Hat Hackers, they are tapped by organizations to hack their security systems to expose vulnerabilities or weaknesses in their systems or networks and solve them before hackers can exploit them.
And then there are organizations or groups or individuals who take initiatives to help out in developing White Hat Hackers!
For example, HackerOne, in an email to SDN — Scitech and Digital News., which is offering web hacking courses to educate the next generation of hackers.
SINGAPORE — HackerOne, the leading hacker-powered security platform, has recently announced the expansion of its free online hacker training program, Hacker101, through a partnership with interactive cybersecurity training company HackEDU.
Hacker101 is giving away the first of its kind sandboxed training environments, modeled after five real-world vulnerability reports. HackerOne and HackEDU are committed to empowering the hacker community by providing access to world-class training materials.
Vulnerability sandboxes for training
HackEDU developed new vulnerability sandboxes, the latest in their interactive coursework available to hackers and join existing Hacker101 interactive content, coursework and capture the flag (CTF) challenges.
The first five featured vulnerability sandboxes were inspired by some of the most popular publicly disclosed reports on HackerOne’s Hacktivity. With over 6,000 vulnerability reports listed, Hacktivity is the world’s largest public activity feed of vulnerabilities found, rewarded, resolved and disclosed. The five sandboxes available feature the following replicated vulnerabilities:
- Clickjacking vulnerability that can be used to create a word
- XXE vulnerability that can be exploited to steal files
- Remote code execution (RCE) vulnerability on a server
- SQL injection attack using sqlmap that steals data
- XSS attack that causes a user to send you data without their knowledge.
These latest Hacker101 training environments were designed and developed by HackEDU for hackers or developers interested in practicing real-world hacking techniques in a safe and legal environment. Since HackerOne’s Hacker101 launched in January 2018, thousands of individuals have become better hackers by participating in the free challenges and coursework.
“Hacking is a highly sought after skill, but it is not always clear how to get started or advance to the next level. This is why we started Hacker101,” said Cody Brocious, HackerOne security researcher and head of Hacker Education.
“Now with HackEDU’s sandboxes and interactive lessons, hackers can test their skills like never before. With simulated real-world bugs — originally discovered by top bug hunters in the community — you will learn something new with these latest sandboxes, no matter your skill level,” he added.
“HackEDU is proud to offer real-world applications with real-world vulnerabilities found on HackerOne’s platform,” said Jared Ablon, HackEDU’s CEO.”With this addition to HackEDU’s current offerings, users can explore how vulnerabilities manifest themselves in applications that people use everyday which enhances the learning process for both attackers and defenders.”
Hacktivity Sandboxes are now available along with HackEDU’s other current content offerings of both public vulnerabilities and Secure Development Training. All of these courses are now available for tailoring programs for software developers, security champions, and application security professionals.
New HackerOne Private Program Invites From Hacker101 CTF Flags
Hacker101 recently introduced the Hacker101 CTF as a new way for hackers to apply their skills to real-world challenges. Now finding flags in the CTF will now allow hackers to directly earn invitations to ongoing private customer bug bounty programs on HackerOne. Since the launch, nearly 9,000 hackers have participated in the CTF and found over 22,000 flags.
With over 250,000 hackers registered, HackerOne hosts the world’s largest community of trusted hackers. These hackers have earned more than $40M USD in bounties for reporting over 100,000 security vulnerabilities to HackerOne’s more than 1,200 customer programs, including the United States Department of Defense, Github, Spotify, General Motors, Starbucks and Coinbase.
The world needs hackers now more than ever. Approximately 4.5 billion records were lost or stolen in the first six months of 2018 as a result of 945 breaches worldwide, according to recent research. By working with hackers to find unknown vulnerabilities, organizations are safely fixing security issues reported by the hacker community before they can be exploited. (HackerOne)