Security News HackerOne Offers Free Sandboxes To Replicate Real-World Security Bugs

CyberTech

Nov 10, 2017
HackerOne has announced that it is making a set of five sandbox environments, modeled after popular security bugs reported through its platform, available to hackers who want to test and hone their skills.

The sandboxes are the result of a partnership with the cybersecurity training company HackEDU and expand the Hacker101 online hacker training program offered for free by the vulnerability coordination and bug bounty platform.

Hackboxes to test your hacking skills

The five hackboxes have been developed by HackEDU and are part of the platform's interactive coursework.

All of them include a mockup of the vulnerable application and a proxy tool for intercepting and manipulating web requests.

One of the test environments from HackerOne and HackEDU replicates a wormable clickjacking attack via player cards, reported to Twitter in May 2018. You can access it here.

Another one, available here, challenges hackers to reproduce an XML External Entity (XXE) glitch that could be exploited to at least read arbitrary files from a server. The bug was reported to SEMrush in March 2018.

The third hackbox is for trying to get control of a server by using a command injection attack. The real vulnerability was discovered in Imgur and reported in April 2017.

A flaw in a website operated by Grabtaxi was used to create a testing ground for an SQL injection attack. The company received a report in November 2017.

Last on the list is a sandbox that replicates a cross-site scripting (XSS) issue in a third-party component used by HackerOne to manage contact forms. The bug was disclosed in August 2017.

The obvious purpose of these demos is educational: to provide a safe and legal way to practice real-world hacking techniques. They come with explanations on how each bug works and they guide the user through finding and exploiting the vulnerability.

"Hacking is a highly sought-after skill, but it is not always clear how to get started or advance to the next level. This is why we started Hacker101," said Cody Brocious, HackerOne security researcher and Head of Hacker Education.
 
