

The new Breaker 101 course has launched - daeken
https://breaker101.daeken.com/?hn

======
daeken
First things first: I cannot thank HN enough for the support that I've had
with Breaker 101. The vast majority of students in the first run came from HN;
I would not have had a sold out beta were it not for this community.

Now, since this is HN, I feel like I should give a little bit of 'inside' info
on how things really went. As I mention on the site, feedback was uniformly
positive, but that doesn't mean there weren't missteps aplenty. From Paypal
freezing my funds (man, that was a bad idea) to emails being lost in the mix
over and over, to infrastructure problems with video streaming.

But the key problem was always disorganization and communication. There were
65 students in the first run, and communication happened over email, IRC, and
the forums. Having all those options for communication seemed like a good idea
-- flexibility is never wrong, right? -- it backfired. It meant that
scheduling changes, homework information, etc was always being lost in the
mix. That was the biggest problem in the course, as identified by pretty much
every student in the class.

But I've spent the last month and a half working my ass off on a brand new
platform for communication. While the IRC channel will still exist, this new
site is where all homework, exams, lecture videos, scheduling info, etc will
be distributed. I believe this will solve the core problem of the first run
and make this the best course ever.

As a first-time teacher, I was nervous as hell going into this. But I could
never have imagined it going this well. Every single student that finished the
course (there were quite a lot of dropouts due to a lack of time -- natural
consequence of a class for people who are typically quite busy) passed
successfully. One student passed with an incredible 99.8% overall score,
despite no background in security going in. If the next batch of students is
even half as awesome as the previous one, I have no doubt that they will
succeed just as impressively.

I can't thank my students enough for making this a success; I wouldn't be here
writing this right now if not for them.

So as a huge thank you to HN and everyone who has supported me in this, I'm
offering a 20% discount to everyone here:
[https://breaker101.daeken.com/?code=hn](https://breaker101.daeken.com/?code=hn)

Seriously, I can't thank you all enough. Breaker 101 is going to make the
world a more secure place and none of this would be happening if not for all
of you.

------
jgs1
Disclosure: I was a student in the first round of this course and prior to
enrolling, only vaguely knew of Cody as 'that guy who hacked hotel locks'.

For anyone considering this course, it's well worth the price of admission.
Especially if your company pays :) Cody challenges each student to think like
a breaker. The course is _very_ hands on. I'd plan to spend at least 5 hours a
week on the coursework.

As a result of what I've learned, I've found numerous bugs within internal
apps at my company, bugs within random email survey links, bugs within vendor
code. Bugs, bugs everywhere!

My only nitpick with the course was that there were some unforeseen scheduling
issues that affected the pace and caused it to extend out to > 12 weeks in
length. But I attribute most of those to being part of the first/beta run. I
have confidence that Cody will get everything worked out in future iterations.

It doesn't take long to see that Cody really does have a genuine interest in
teaching others about security. His willingness to share his knowledge is a
benefit to anyone willing to learn.

------
beaker52
Using a basic bootstrap template and not putting a price on the homepage makes
it look free.

Try to register and you're surprised by a $2,200 fee. Now you have my email
address and had I known upfront, I'd not to have given it to you.

~~~
daeken
My apologies on the confusion -- the price is on the About page, but it could
well be missed. That said, your email is only stored if you complete a
purchase, so no worries there.

------
waylandsmithers
Awesome!

...

What is the price? The first 10 seats are priced at $2000 or 2.2BTC. Each
subsequent seat is $2500 or 2.7BTC.

...oh.

I'm not saying that I don't think it's worth it. Maybe I'm just surprised
since I've become used to free MOOCs and other educational sites that cost
less than $100/month. Still, this looks really cool. Best of luck to you.

------
runjake

      > The only way to go from developer to security professional in 12 weeks.
    

Pretty bold claim.

The Offensive Security "Pentesting with Kali Linux" course and its
accompanying OSCP certification is _very_ well-regarded in the industry and
only half the cost of Breaker 101 at $1,150 for the course materials, 90 days
of lab time, and certification.

Everyone in the industry knows about the OSCP course. It's _very_ hands-on.
There's a wide breadth of areas it covers. You're doing everything from OSINT
to breaking into lab machines to crafting your own web/win32/linux32 exploits.
You will become comfortable with a debugger and x86 CPU registers by the end
of it.

[http://www.offensive-security.com/information-security-
train...](http://www.offensive-security.com/information-security-
training/penetration-testing-with-kali-linux/)

 _Disclaimer: Satisfied customer of OffSec who went through the course._

~~~
daeken
That statement should've read "web security professional"; just fixed and
pushed. You're right, there are courses out there to teach you a broad
spectrum of security topics, including some web content. That said, Breaker
101 covers a pretty crazy breadth and depth. The web topics covered in
OffSec's course are covered in the first few weeks of Breaker 101, with
significantly deeper excursions and more advanced topics after that.

OffSec's course is good for a very broad-strokes overview of security, but it
doesn't dive deep, which is -- I believe -- Breaker 101's strength. The goal
is that you come out of the course fully able to perform well in a web
security environment, and I believe it does that.

~~~
runjake

      > That statement should've read "web security professional"
    

Right, so I can buy the PWK course and their Advanced Web Exploitation course
and still come out paying less.

    
    
      > OffSec's course is good for a very broad-strokes overview of security, but it doesn't dive deep,
    

Are you kidding? It dives pretty deep. Your website says "Each week will
require between 2-3 hours of work by the students". That's _how many hours are
required per day_ in the PWK course if you want to complete the materials
within 90 days.

Your course claims to require a time commitment of 2-3 hours a week, but let's
up it to 5 hours required. That's still only 60 hours of (expected) course
time.

Contrast that with the OSCP course (3 _5 days_ 12) of 180 hours. 60 hours to
cover and do hands-on for a broad range of web attacks and also deal with "in-
depth" crypto breaking? And this course is targeted at a beginner?

You make a lot of claims and charge a lot of money but they don't seem to
stand up and that's going to arouse a lot of perceptions like mine from the
security world. Everyone is very suspicious of snake oil claims.

Sorry, I don't mean to rain on your parade. I hope you are successful and push
the security industry forward. It's just rather annoying to see you show up to
the party and make rather bold claims that don't seem to hold up to scrutiny.

------
tehskylark
Would you say this is only for entry level pentesters? In my case I work as a
professional application pentester but I'm looking for training to help me
"get to the next level".

Currently I'm looking at Offensive Security's OSWE or SANS Advanced Web
Pentesting, but I like the idea of an extended course with 1 on 1 interaction.

~~~
daeken
While most of the material is aimed at those with little-to-no security
experience, the second half of the class is above the level of most
pentesters. If topics like advanced exploitation, WAF attacks, cryptography
failings (ECB block reordering, padding oracle attacks, hash length
extensions, etc) are of interest to you, I think you'd enjoy the class. But it
all depends on where you're at and what you're looking to learn.

~~~
tehskylark
Thanks, yeah it sounds like the second half of the course would definitely be
interesting. I won't be able to do the course this time around but I'll keep
an eye out for future offerings. Might you consider an advanced course in the
future? :)

------
dale386
Does anyone know of free resources to get a taste of this sort of thing?

~~~
jgs1
natas is probably a good start. The first several levels are pretty
simplistic, but it starts to ramp up eventually.

[http://www.overthewire.org/wargames/natas/](http://www.overthewire.org/wargames/natas/)

------
m0s
$2000? Thanks, but no thanks

~~~
m0s
Let me explain my position a bit. This thing looks cheap. I'm not talking
about visual appeal, i'm talking about content. Website does not explain at
all, why I should pay you $2k, as well as at the first look you cannot say at
all, is this course free or not. So basically it looks like you are collecting
emails.

