Solved my first challenge on Portswigger #infosec #owasp #portswigger #appsec #hacking https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
#Portswigger just updated its #WebSecAcademy with a Spring auth bypass from @PTSwarm
https://bird.makeup/users/ptswarm/statuses/1631287479604060161
#portswigger #websecacademy #infosec #cybersecurity #pentesting #bugbounty
#CVSS system criticized for failure to address real-world impact
#cybersecurity #it #portswigger
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
#cvss #cybersecurity #it #portswigger
#portswigger academy is fucking awesome and I recommend it to everybody who wants to learn about #cybersecurity
#PortSwigger provides a practice exam. Instead of two, there is just one application to solve.
In my preparation, I failed the practice exam several times. Don't get discouraged when you fail, but learn from your mistakes.
https://portswigger.net/web-security/certification/practice-exam
Solved: Username enumeration via response timing
#burpsuite #portswigger #owasp #appsec #studying
Solved: Username enumeration via subtly different responses
#portswigger #burpsuite #appsec
How can your scanner app be tested?
Do you want to test your brand new scanner app? How do you know whether the app detects the vulnerabilities it should?
Thanks to PortSwigger, we now have the Gin and Juice Shop. This is a vulnerable web shop where your scanner app can be tested.
The application can be found here: https://ginandjuice.shop
Happy scanning!
https://www.rffuste.com/2023/01/23/how-your-scanner-app-can-be-tested/
#Pills #portswigger #webscan
Next is adding #portswigger #burp into the API to make the process even easier. XD
SQL injection with filter bypass via XML encoding solved!!
#portswigger #burpsuite #appsec
Blind SQL injection with out-of-band data exfiltration solved!!
#portswigger #appsec #burpsuite
Completed
#burpsuite #portswigger #owasp #hacking
Back to studying daily on portswigger labs. Prepare to be sick of me. #burpsuite #portswigger #appsec
For all my Burp Suite users on MacOS:
For all the Burp extensions that will run something "in terminal" and you want that terminal to be iTerm2, create a shell script with the following content, link it to /usr/local/bin/iterm or something, and set it as the terminal command in your Burp extensions.
Here I'm using it with the (awesome) Custom Send To extension for sending requests directly from Burp to a number of different tools like SQLMap, Wfuzz, Gobuster etc. The script will open a new tab in iTerm and run the command specified.
You're welcome!
Script: https://gist.github.com/n0kovo/0e893c7b36f0209ffe971883064bee6f
Custom Send To:
https://github.com/bytebutcher/burp-send-to
#iterm2 #burpsuite #appsec #burp #portswigger #bugbounty #infosec #pentesting #websecurity #techtips
Pretty excited that I made it to level 8! I've been grinding through all of the easy rooms and it's been so rewarding. I feel like I'm learning so much! Aside from THM I'm not sure what else to do. Maybe #portswigger or @Hacker0x01? So many options to choose from.
PortSwigger wants your feedback on the new Burp Suite API, codenamed "Montoya"
https://portswigger.net/blog/new-burp-suite-api-we-want-your-feedback
#api #burpsuite #portswigger #proxy #security
Hmmm, best way to start from nothing to doing BB. Two years of study needed; study for, but may not need to pass or take, the Network+ exam. Do lots of CTFs that are progressively harder, till you are comfortable. Do #portswigger academy labs, all of them; you may skip sections for SQLi but you should be confident in technique. XSS depending, but the more the better.
You may do BB and portswigger at the same time: do one vuln a week, then hunt for the vuln for a week. You should learn it pretty well through repetition.
@Colin_Mac I just signed up for LetsDefend.io and so far I'm digging that. SOC analyst/Blue Team focused. I did a handful of lessons and then subscribed since they had 50% off.
Other resources I've signed up for but haven't fully explored yet:
PortSwigger, Hack the Box, TryHackMe
#portswigger #hackthebox #letsdefend #tryhackme
Finally solved this lab!
#burpsuite #portswigger #appsec #hacking
https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle
Via #Malwarebytes: Stealing #Mastodon #passwords (I had already flagged a #PortSwigger post a few days ago).
So, on #Mastodon too, enable #2FA.
#malwarebytes #password #mastodon #portswigger #2fa