0xEdward

Hacker101 - Introduction Notes

Disclaimer

These notes are not comprehensive. I only jotted down what was useful for me and I may include other research I’ve done while going through the video.

Attacker Mindset

The unbalanced game

Prioritization

Reporting

Key components of a report

  1. Title
  2. Severity
    • Informative - Issue has no impact currently, but might in the future
    • Low
    • Medium - Potential to cause harm to users, but no data leak
    • High - Potential to reveal user data or can be chained with more severe exploits
    • Critical - System compromise, risk of confidential/user data exposure
  3. Description - What is the vulnerability?
  4. Steps to reproduce - ideally with a POC
  5. Impact - What can an attacker do with this vulnerability?
  6. Mitigation - How can it be fixed?
  7. List of assets affected

Takeaway Exercise

Browse the web with a proxy set up and Burp running. Watch the flow of data. Where does input get reflected?

Sources

Course