cristi
@CristiVlad25
ID:2188880010
11-11-2013 19:12:27
10,9K Tweets
38,2K Followers
151 Following
My favorite Burp extensions and how I use them.
Bug Bounty Reports Explained #pentesting #appsec #cybersecurity
youtube.com/watch?v=P-8Qg5…
Have you heard?
Intigriti released a tool to check for misconfigurations! And it's open source!
#pentesting #appsec #bugbounty #cybersecurity
youtube.com/watch?v=YXxKTb…
This new Burp feature is really useful and interesting :)
#pentesting #appsec #cybersecurity #infosec
Common places to find SQLi:
- login forms, search bars, URL params, cookies, HTTP headers, and other inputs. These are just a few.
In what other places have you found SQLi?
#pentesting #appsec #cybersecurity #infosec
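An added example (not from the tweet author) showing why a cookie is just as much an injection point as a login form: the same session value read from the Cookie header is used first in a string-built query and then in a parameterized one. The table, session values and the "session" cookie name are constructed for this example; the same pattern applies to any other header the application copies into SQL.

```python
import sqlite3
from typing import Dict, List, Tuple

# Constructed sample data for the example, not from any real application.
USERS = [
    (1, "admin", "admin", "a1b2c3"),
    (2, "alice", "user", "d4e5f6"),
]


def make_db() -> sqlite3.Connection:
    """In-memory table of users looked up by their session-cookie value."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT, session TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", USERS)
    return conn


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Minimal Cookie header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            cookies[key.strip()] = value.strip()
    return cookies


def whoami_vulnerable(conn: sqlite3.Connection, cookie_header: str) -> List[Tuple[str, str]]:
    """Vulnerable: the cookie value is concatenated straight into the SQL text,
    so a quote in the cookie ends the literal and the rest is parsed as SQL."""
    session = parse_cookie_header(cookie_header).get("session", "")
    query = f"SELECT name, role FROM users WHERE session = '{session}'"
    return conn.execute(query).fetchall()


def whoami_safe(conn: sqlite3.Connection, cookie_header: str) -> List[Tuple[str, str]]:
    """Hardened: the value is bound as a parameter; the driver never parses it as SQL."""
    session = parse_cookie_header(cookie_header).get("session", "")
    return conn.execute(
        "SELECT name, role FROM users WHERE session = ?", (session,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    normal = "theme=dark; session=d4e5f6"
    # Payload closes the string literal, ORs in an admin predicate, comments out the trailing quote.
    payload = "theme=dark; session=' OR role='admin' --"
    print(whoami_vulnerable(db, normal))   # [('alice', 'user')]
    print(whoami_vulnerable(db, payload))  # [('admin', 'admin')]
    print(whoami_safe(db, payload))        # []
```

In a real test you would send the payload in the Cookie header (or whatever header the app copies into a query) from Burp Repeater and compare the response to a baseline request; the parameterized version returns nothing for the same input because the whole string is compared as data.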
Can you count the number of times I say 'burp' in this video?
#pentesting #appsec #cybersecurity
youtu.be/K78hNM6m3Jw
How I escalated to admin through an import feature. The writeup is up.
#pentesting #appsec #cybersecurity #infosec
cristivlad.medium.com/privilege-esca…
In a recent pentest, I found an unusual privilege escalation (from low user to admin) through an import feature. Write-up soon.
#pentesting #appsec #cybersecurity #infosec
What are your top tools for web app pentesting?
Mine are:
1. Burp Suite (couldn't imagine life without it).
2. Feroxbuster (my buster of choice).
3. Gau (I use it infrequently).
#pentesting #appsec #infosec #cybersecurity
What's a Burp Suite feature you've never quite mastered and why?
Me: Turbo Intruder, mostly because I never spent too much time on it.
#pentesting #appsec #cybersecurity #bugbounty
What's your experience with Burp for helping you find SQLi?
I always found SQLi manually, but I think that some sort of automation/extension could help me cover more ground.
Please share so that others and I can learn.
#pentesting #appsec #cybersecurity #bugbounty
If you were to switch careers from cybersecurity, what would you go for and why?
Me: I would dive deep into AI systems and alignment. I do this to a very small extent currently.
#cybersecurity #infosec #appsec #pentesting