ＨｉｄｅＺｅｒｏＯｎｅ

What is the use of Burp Suite? Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux. The tool is written in Java and developed by PortSwigger Web Security. The tool has three editions: a Community Edition that can be downloaded free of charge, a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community edition has significantly reduced functionality. It intends to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

Syllabus

Web Application Penetration Testing with Burp Suite

Advanced Web Application Penetration Testing with Burp Suite

Writing Burp Suite Macros and Plugins

Pluralsight: Web Security Testing with Burp Suite

Do you want to level up your cloud penetration testing skills? The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this training course, hacking concepts will be introduced for each of those services. This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.

Antisyphon: Breaching the Cloud w/ Beau Bullock

One of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur. Much of this class is spent focusing on the IP, ICMP, UDP, and TCP headers. We will step through each of the fields within each header to ensure that the student understands how the data within that field plays a role in communications. This knowledge is deepened by observing the behavior in packet decodes, some of which are normal traffic while some are common attacks.

Antisyphon: Getting Started in Packet Decoding w/ Chris Brenton

To conduct an advanced attack, you need more than just a collection of simple scripts. In addition to talent, you need a large amount of managed and unmanaged code. The more code and resources that are required to conduct an engagement, the more time we need. Time is something we don’t have a lot of on an engagement. Today, to be an advanced and effective attacker, you need to move fast, and that speed requires a move to a DevOps style of managing infrastructure and code. With cloud resources and APIs to manage these resources, the days of manual setup are long behind us.

Antisyphon: HackerOps w/ Ralph May

Modern Webapp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. Attacking Web Sockets is not more difficult than attacking HTTP traffic, it’s just different. Web APIs are not something you’re qualified to test only after you’ve put your time in on traditional webapps … they’re just different. This course doesn’t worry about where a student falls on the imaginary scale of beginner to expert but instead focuses on finding and exploiting the kinds of issues found in real webapps today, based on the instructor’s many years of ongoing experience in testing … real webapps today.

Antisyphon: Modern WebApp Pentesting w/ BB King