Hacker101 - Introduction Notes


These notes are not comprehensive. I only jotted down what was useful for me and I may include other research I’ve done while going through the video.

Attacker Mindset

The unbalanced game



Key components of a report

  1. Title
  2. Severity
    • Informative - issue has no impact currently, but might in the future
    • Low
    • Medium - Potential to cause harm to users, but no data leak
    • High - Potential to reveal user data or can be chained with more severe exploits
    • Critical - System compromise, risk of confidential/user data exposure
  3. Description - What is the vulnerability?
  4. Steps to reproduce - ideally with a POC
  5. Impact - What can an attacker do with this vulnerability?
  6. Mitigation - How can it be fixed?
  7. List of assets affected

Takeaway Exercise

Browse the web with your browser's proxy set up and Burp running. Watch the flow of data. Where does input get reflected?