Offensive Hacking Education Landscape
A few weeks ago there was a dust up on the bug bounty and pentesting corner of infosec twitter with certain content and tool creators in the space calling out others.
While there are some charlatans, or “grifters” as The Cyber Mentor calls them, there are many great providers of high quality hacker educational content available - a lot of it for free. See nahamsec’s list of content creators, and Heath’s list. See the getting started list on Hacker101 if you’re new to the space and looking to learn.
I will say, most of the content produced in the space is complementary versus competitive. Watch youtube videos from LiveOverflow, while you’re reading bug reports on HackerOne’s hacktivity and taking a Udemy course preparing you to sit for an OSCP certification exam or an AWS cloud practitioner certification exam.
I’ve compiled a list of some platforms offering education in the market today. It is highly likely I have forgotten a key provider, this is not meant to be an exhaustive list, but rather a quick snapshot of what I’m aware of as of today.
Hacker Education Content Platforms
The library of each platform is growing. Many have content on web, mobile, IoT, reverse engineering, network and application penetration testing, tools reviews and tutorials and more is being added each month. Perhaps someone should create a changelog of the various platform streams and when they add new stuff.
https://www.hacker101.com/
https://www.hackthebox.com/
https://tryhackme.com/
https://portswigger.net/web-security
https://github.com/bugcrowd/bugcrowd_university
https://pentesterlab.com/
https://www.offensive-security.com/labs/individual/
https://academy.tcm-sec.com/
https://ctfchallenge.com/
https://owasp.org/www-project-juice-shop/
https://bughuntr.io/
https://www.bugbountyhunter.com/zseano
YouTube Content Creators
Here's 22 YouTube channels with thousands of hours of collective content. Enjoy!
https://www.youtube.com/c/hakluke
https://www.youtube.com/c/PinkDraconian
https://www.youtube.com/c/TheCyberMentor
https://www.youtube.com/c/JohnHammond010
https://www.youtube.com/c/HackerSploit
https://www.youtube.com/c/ippsec
https://www.youtube.com/c/STOKfredrik
https://www.youtube.com/c/PwnFunction
https://www.youtube.com/c/Nahamsec
https://www.youtube.com/c/InsiderPhD
https://www.youtube.com/c0nd4
https://www.youtube.com/c/StefanRows
https://www.youtube.com/c/RanaKhalil101
https://www.youtube.com/c/joehellethemayor
https://www.youtube.com/c/cwinfosec
https://www.youtube.com/c/FarahHawa
https://www.youtube.com/c/DCcybersec
https://www.youtube.com/c/InfiniteLogins
https://www.youtube.com/c/codingo
https://www.youtube.com/c/thehackerish
https://www.youtube.com/c/Hacksplained
https://www.youtube.com/c/LiveOverflow
An open note to Google / YouTube
I regularly hear about YouTube banning content creators that are creating educational value for cybersecurity enthusiasts and learners.
Why does this keep happening to cybersecurity content creators? Google is supposed to have one of the most elite security groups in the industry… can you all help us out and talk to the content moderation teams? https://t.co/2iibru9Mpl
— Jason Haddix (@Jhaddix) January 10, 2022
I'll bet if you ask the YouTube creators listed above, they've all had at least 1 video removed, received multiple warnings, and perhaps even had their channel suspended. All of the above happened to us at HackerOne for some of our Hacker101 educational videos at least 3 or 4 times. Pretty much every time you get reinstated after complaining to YouTube but there should be a better mechanism to detect the educational veracity and rather than remove it, promote it! YouTube needs to either train the mods or train the algos. We will be safer as a digitally connected society the more people learn about this field.
Happy learning!