on daily habits, been reading on Kindle for a while now.

My favorite Burp extensions and how I use them.

Bug Bounty Reports Explained #pentesting #appsec #cybersecurity

youtube.com/watch?v=P-8Qg5…

What type of bug bounty program is the one you like most? Tell me why you made that choice.

Me: I used to prefer * scopes and would do lots of recon. But it's been a year since I started focusing on single targets (apps).

Instead of going wide and shallow, I prefer going…

grok might be interesting...

Thanks InfoSec Community for the feature!

Have you heard?

Intigriti released a tool to check for misconfigurations! And it's open source!

#pentesting #appsec #bugbounty #cybersecurity

youtube.com/watch?v=YXxKTb…

This new Burp feature is really useful and interesting :)

#pentesting #appsec #cybersecurity #infosec

Let's test this out :) #chatgpt4

Also, did anyone find out the hard limit of replies per hour, is it unlimited since they've removed the 30 replies per 3 hours?

Common places to find SQLi:

- login forms, search bars, URL params, cookies, HTTP headers, and other inputs. These are just a few.

In what other places have you found SQLi?

#pentesting #appsec #cybersecurity #infosec

I can see this often in cybersec fellows. A good amount of privacy concerns is healthy, but some people take it to the next level.

Here are some of the most important flags I use with feroxbuster. You can probably do something similar with your favorite buster:

1. I filter out status codes: 301,302,404,500. Sometimes 300s and 500s can lead to something, but for me, most often than not, haven't.

2. I have…

Can you count the number of times I say 'burp' in this video?

#pentesting #appsec #cybersecurity

youtu.be/K78hNM6m3Jw

How I escalated to admin through an import feature. The writeup is up.

#pentesting #appsec #cybersecurity #infosec

cristivlad.medium.com/privilege-esca…

In a recent pentest, I found an unusual privilege escalation (from low user to admin) through an import feature. Write-up soon.

#pentesting #appsec #cybersecurity #infosec

Here's my Autorize configuration, as some of you asked for it. It's quite simple:

1. I uncheck 'Ignore 304/204' because these often leverage good results.

2. Alongside the default interception filters, I add 2 more to minimize noise:

- Scope items only
- Ignore…

What are your top tools for web app pentesting?

Mine are:
1. Burp Suite (couldn't imagine life without it).
2. Feroxbuster (my buster of choice).
3. Gau (I use it infrequently).

#pentesting #appsec #infosec #cybersecurity

The best ideas I ever had came into my mind while walking, brushing my teeth, taking a shower, or taking a dump.

I'm not sure why but there's probably a neuroscience explanation.

What's a Burp Suite feature you've never quite mastered and why?

Me: Turbo Intruder, mostly because I never spent too much time on it.

#pentesting #appsec #cybersecurity #bugbounty

What's your experience with Burp for helping you find SQLi?

I always found SQLi manually, but I think that some sort of automation/extension could help me cover more ground.

Please share so that others and myself can learn.

#pentesting #appsec #cybersecurity #bugbounty

If you were to switch careers from cybersecurity, what would you go for and why?

Me: I would dive deep into AI systems and alignment. I do this to a very small extent currently.

#cybersecurity #infosec #appsec #pentesting