Offensive Hacking Education Landscape

Offensive Hacking Education Landscape

A few weeks ago there was a dust up on the bug bounty and pentesting corner of infosec twitter with certain content and tool creators in the space calling out others.

While there are some charlatans, or “grifters” as The Cyber Mentor calls them, there are many great providers of high quality hacker educational content available  - a lot of it for free. See nahamsec’s list of content creators, and Heath’s list. See the getting started list on Hacker101 if you’re new to the space and looking to learn.

I will say, most of the content produced in the space is complementary versus competitive. Watch youtube videos from LiveOverflow, while you’re reading bug reports on HackerOne’s hacktivity and taking a Udemy course preparing you to sit for an OSCP certification exam or an AWS cloud practitioner certification exam.

I’ve compiled a list of some platforms offering education in the market today. It is highly likely I have forgotten a key provider, this is not meant to be an exhaustive list, but rather a quick snapshot of what I’m aware of as of today.

Hacker Education Content Platforms

Here's a list of platforms as of January 2022. Refer to this google doc for easier viewing

The library of each platform is growing. Many have content on web, mobile, IoT, reverse engineering, network and application penetration testing, tools reviews and tutorials and more is being added each month. Perhaps someone should create a changelog of the various platform streams and when they add new stuff.

Much of the content is for free! Some more advanced learning modules are offered as paid access by a growing list of platforms.
Most of the content available is video focused, but seeing a lot more CTF labs and platforms popping up over the last few years. Also check out that bottom right quadrant 🤑

YouTube Content Creators

Heroes, every one of em!

Here's 22 YouTube channels with thousands of hours of collective content. Enjoy!

An open note to Google / YouTube

I regularly hear about YouTube banning content creators that are creating educational value for cybersecurity enthusiasts and learners.

I'll bet if you ask the YouTube creators listed above, they've all had at least 1 video removed, received multiple warnings, and perhaps even had their channel suspended. All of the above happened to us at HackerOne for some of our Hacker101 educational videos at least 3 or 4 times. Pretty much every time you get reinstated after complaining to YouTube but there should be a better mechanism to detect the educational veracity and rather than remove it, promote it! YouTube needs to either train the mods or train the algos. We will be safer as a digitally connected society the more people learn about this field.  

Happy learning!

Subscribe to Luke Tucker

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.