- Sep 12, 2019 Burp Suite Pro real-life tips & tricks: Looking for hidden attack surface and leaked secrets
Burp has some nice export features which (combined with some 3rd party tools) can greatly aid in the process of looking for additional/hidden endpoints and/or hardcoded secrets.
- Sep 9, 2019 Burp Suite Pro real-life tips & tricks: Persistent Access to Collaborator
It was already discussed here. Putting here for quick reference.
- Jul 21, 2019 Burp Suite Pro real-life tips & tricks: Authorization testing
In the past, I found (already quite old - presented in 2013) slide deck Burp Suite Pro real-life tips & tricks authored by Nicolas Grégoire very useful which gave me motivation to constantly look for effciencies in my day to day Burp Suite Pro usage. Since that time Burp has significantly evolved (major milestone - version 2.x was released) and lots of interesting 3rd party extensions were developed.
- May 10, 2019 LES: Linux privilege escalation auditing tool
LES security tool, developed and maintained by Z-Labs is the next generation version of the tool designed to assist the security tester/analyst in looking for critically vulnerable (i.e. locally exploitable) Linux machines during manual red tem/pentest engagement. In this post I will describe how the tool works and how to use it effectively.