HackerOne Courses

Haptyc - A Library for Building Microfuzzers in Turbo Intruders

Explore Haptyc, a Python library enhancing Turbo Intruder with advanced fuzzing capabilities. Learn to create modular, reusable transforms for powerful and efficient HTTP request testing in web security assessments.

• YouTube
• 26 minutes
• On-Demand
• Conference Talk

Hacking on Bug Bounties for Five Years

Discover the evolution of bug bounty hunting over five years, exploring successful techniques, favorite vulnerabilities, and lessons learned to help you replicate success in ethical hacking.

• YouTube
• 46 minutes
• On-Demand
• Conference Talk

Breaking Down Offsec Certifications

Explore the value of infosec certifications with industry experts, discussing preparation strategies, career impact, and essential skills for success in the cybersecurity field.

• YouTube
• 33 minutes
• On-Demand
• Conference Talk

Launching an InfoSec Career

Explore diverse paths to cybersecurity careers, from CTFs to bug bounties. Learn key strategies for success, including self-teaching, building a unique skill set, and leveraging your online presence as a resume.

• YouTube
• 41 minutes
• On-Demand
• Conference Talk

Introduction to Docker Hacking

Explore Docker container security, including namespaces, cgroups, and vulnerabilities. Learn hacking techniques and best practices for securing containerized environments.

• YouTube
• 30 minutes
• On-Demand
• Free Video

Discover Vulnerabilities with CodeQL

Explore CodeQL's static and taint analysis capabilities to uncover vulnerabilities, including potential RCE flaws. Learn key concepts for effective code analysis and security testing.

• YouTube
• 27 minutes
• On-Demand
• Conference Talk

The Bug Hunter's Methodology v4 - Recon Edition

Explore cutting-edge techniques for bug hunters and red teamers to discover and expand attack surfaces, focusing on domain reconnaissance, subdomain enumeration, and IP space analysis.

• YouTube
• 1 hour 13 minutes
• On-Demand
• Conference Talk

Pentest Story Time - My Favorite Hacks From the Past Year

Engaging tales of successful penetration testing, showcasing diverse attack vectors and vulnerabilities. Highlights include exploiting lack of MFA, IPv6 abuse, and overcoming robust security measures.

• YouTube
• 32 minutes
• On-Demand
• Conference Talk

How I Got from 0 to MVH - Without Knowing How to Write a Single Line of Python

Discover one hacker's journey from novice to Most Valuable Hacker, exploring tools, resources, challenges, and strategies for success in bug bounty hunting without coding skills.

• YouTube
• 20 minutes
• On-Demand
• Conference Talk

H@cktivitycon 2020 - Graphing Out Internal Networks with CVE-2020-13379 - Unauthed Grafana SSRF

Discover and exploit a critical SSRF vulnerability in Grafana, impacting thousands of companies. Learn methodology, see a live demo, and explore reporting and mass-exploitation experiences.

• YouTube
• 30 minutes
• On-Demand
• Free Video

Burnout

Strategies to recognize, overcome, and prevent burnout in the tech industry. Learn to balance work and personal life, manage stress, and maintain well-being for long-term success.

• YouTube
• 21 minutes
• On-Demand
• Conference Talk

The Pentester Blueprint - A Guide to Becoming a Pentester

Comprehensive guide to becoming a pentester, covering essential skills, knowledge, and steps for pursuing a career in ethical hacking, based on expert experience and mentorship.

• YouTube
• 40 minutes
• On-Demand
• Conference Talk

Cached and Confused - Web Cache Deception in the Wild

Explore Web Cache Deception attacks, including new "Path Confusion" techniques. Learn about vulnerabilities, exploitation methods, and the challenges of remediation in this cybersecurity deep dive.

• YouTube
• 31 minutes
• On-Demand
• Conference Talk

WAF Bypass In Depth

Explore advanced techniques for bypassing Web Application Firewalls (WAFs) and demonstrating the impact of cross-site scripting vulnerabilities, even in the presence of sophisticated security measures.

• YouTube
• 26 minutes
• On-Demand
• Conference Talk

You've Got Pwned - Exploiting E-Mail Systems

Explore common technical attacks on email systems and real-world examples from bug bounty programs, enhancing your understanding of email security beyond spam and phishing.

• YouTube
• 47 minutes
• On-Demand
• Conference Talk