Hacker News new | comments | show | ask | jobs | submit login
[dupe] The new Breaker 101 course has launched (daeken.com)
35 points by daeken 1348 days ago | hide | past | web | 15 comments | favorite

Disclosure: I was a student in the first round of this course and prior to enrolling, only vaguely knew of Cody as 'that guy who hacked hotel locks'.

For anyone considering this course, it's well worth the price of admission. Especially if your company pays :) Cody challenges each student to think like a breaker. The course is very hands on. I'd plan to spend at least 5 hours a week on the coursework.

As a result of what I've learned, I've found numerous bugs within internal apps at my company, bugs within random email survey links, bugs within vendor code. Bugs, bugs everywhere!

My only nitpick with the course was that there were some unforeseen scheduling issues that affected the pace and caused it to extend out to > 12 weeks in length. But I attribute most of those to being part of the first/beta run. I have confidence that Cody will get everything worked out in future iterations.

It doesn't take long to see that Cody really does have a genuine interest in teaching others about security. His willingness to share his knowledge is a benefit to anyone willing to learn.

First things first: I cannot thank HN enough for the support that I've had with Breaker 101. The vast majority of students in the first run came from HN; I would not have had a sold out beta were it not for this community.

Now, since this is HN, I feel like I should give a little bit of 'inside' info on how things really went. As I mention on the site, feedback was uniformly positive, but that doesn't mean there weren't missteps aplenty. From Paypal freezing my funds (man, that was a bad idea) to emails being lost in the mix over and over, to infrastructure problems with video streaming.

But the key problem was always disorganization and communication. There were 65 students in the first run, and communication happened over email, IRC, and the forums. Having all those options for communication seemed like a good idea -- flexibility is never wrong, right? -- it backfired. It meant that scheduling changes, homework information, etc was always being lost in the mix. That was the biggest problem in the course, as identified by pretty much every student in the class.

But I've spent the last month and a half working my ass off on a brand new platform for communication. While the IRC channel will still exist, this new site is where all homework, exams, lecture videos, scheduling info, etc will be distributed. I believe this will solve the core problem of the first run and make this the best course ever.

As a first-time teacher, I was nervous as hell going into this. But I could never have imagined it going this well. Every single student that finished the course (there were quite a lot of dropouts due to a lack of time -- natural consequence of a class for people who are typically quite busy) passed successfully. One student passed with an incredible 99.8% overall score, despite no background in security going in. If the next batch of students is even half as awesome as the previous one, I have no doubt that they will succeed just as impressively.

I can't thank my students enough for making this a success; I wouldn't be here writing this right now if not for them.

So as a huge thank you to HN and everyone who has supported me in this, I'm offering a 20% discount to everyone here: https://breaker101.daeken.com/?code=hn

Seriously, I can't thank you all enough. Breaker 101 is going to make the world a more secure place and none of this would be happening if not for all of you.

Using a basic bootstrap template and not putting a price on the homepage makes it look free.

Try to register and you're surprised by a $2,200 fee. Now you have my email address and had I known upfront, I'd not to have given it to you.

My apologies on the confusion -- the price is on the About page, but it could well be missed. That said, your email is only stored if you complete a purchase, so no worries there.

  > The only way to go from developer to security professional in 12 weeks.
Pretty bold claim.

The Offensive Security "Pentesting with Kali Linux" course and its accompanying OSCP certification is very well-regarded in the industry and only half the cost of Breaker 101 at $1,150 for the course materials, 90 days of lab time, and certification.

Everyone in the industry knows about the OSCP course. It's very hands-on. There's a wide breadth of areas it covers. You're doing everything from OSINT to breaking into lab machines to crafting your own web/win32/linux32 exploits. You will become comfortable with a debugger and x86 CPU registers by the end of it.


Disclaimer: Satisfied customer of OffSec who went through the course.

That statement should've read "web security professional"; just fixed and pushed. You're right, there are courses out there to teach you a broad spectrum of security topics, including some web content. That said, Breaker 101 covers a pretty crazy breadth and depth. The web topics covered in OffSec's course are covered in the first few weeks of Breaker 101, with significantly deeper excursions and more advanced topics after that.

OffSec's course is good for a very broad-strokes overview of security, but it doesn't dive deep, which is -- I believe -- Breaker 101's strength. The goal is that you come out of the course fully able to perform well in a web security environment, and I believe it does that.

  > That statement should've read "web security professional"
Right, so I can buy the PWK course and their Advanced Web Exploitation course and still come out paying less.

  > OffSec's course is good for a very broad-strokes overview of security, but it doesn't dive deep,
Are you kidding? It dives pretty deep. Your website says "Each week will require between 2-3 hours of work by the students". That's how many hours are required per day in the PWK course if you want to complete the materials within 90 days.

Your course claims to require a time commitment of 2-3 hours a week, but let's up it to 5 hours required. That's still only 60 hours of (expected) course time.

Contrast that with the OSCP course (35 days 12) of 180 hours. 60 hours to cover and do hands-on for a broad range of web attacks and also deal with "in-depth" crypto breaking? And this course is targeted at a beginner?

You make a lot of claims and charge a lot of money but they don't seem to stand up and that's going to arouse a lot of perceptions like mine from the security world. Everyone is very suspicious of snake oil claims.

Sorry, I don't mean to rain on your parade. I hope you are successful and push the security industry forward. It's just rather annoying to see you show up to the party and make rather bold claims that don't seem to hold up to scrutiny.



What is the price? The first 10 seats are priced at $2000 or 2.2BTC. Each subsequent seat is $2500 or 2.7BTC.


I'm not saying that I don't think it's worth it. Maybe I'm just surprised since I've become used to free MOOCs and other educational sites that cost less than $100/month. Still, this looks really cool. Best of luck to you.

Would you say this is only for entry level pentesters? In my case I work as a professional application pentester but I'm looking for training to help me "get to the next level".

Currently I'm looking at Offensive Security's OSWE or SANS Advanced Web Pentesting, but I like the idea of an extended course with 1 on 1 interaction.

While most of the material is aimed at those with little-to-no security experience, the second half of the class is above the level of most pentesters. If topics like advanced exploitation, WAF attacks, cryptography failings (ECB block reordering, padding oracle attacks, hash length extensions, etc) are of interest to you, I think you'd enjoy the class. But it all depends on where you're at and what you're looking to learn.

Thanks, yeah it sounds like the second half of the course would definitely be interesting. I won't be able to do the course this time around but I'll keep an eye out for future offerings. Might you consider an advanced course in the future? :)

Does anyone know of free resources to get a taste of this sort of thing?

natas is probably a good start. The first several levels are pretty simplistic, but it starts to ramp up eventually.


$2000? Thanks, but no thanks

Let me explain my position a bit. This thing looks cheap. I'm not talking about visual appeal, i'm talking about content. Website does not explain at all, why I should pay you $2k, as well as at the first look you cannot say at all, is this course free or not. So basically it looks like you are collecting emails.

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact