Getting Started with Burp Suite & Webapp Pentesting | BB King | 1-Hour
Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Learn modern webapp pentesting with __INSTRUCTOR__ from Antisyphon Training: www.antisyphontraining.com/mo...
0:00:00 - PreShow Banter™
0:29:12 - FEATURE PRESENTATION: Getting Started With Burp Suite
0:32:33 - Initial Setup After install
0:45:25 - A Quick Run-Through Burp Suite
1:22:08 - We Has Questions?
Description: Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them?
Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It's easy to get started in Burp, but not all of its features are easy to find or simple to configure. If you've ever watched someone else use Burp, you've no doubt picked up something useful from them: everyone seems to have their own tricks for getting more out of it.
In this live one-hour Black Hills Information Security (BHIS) webcast, BB King will walk through how he sets up Burp for his own webapp and Web API pentests. Then he'll show the settings, tools, and BApp Store Extensions that help him perform better tests.
If you have any responsibility related to webapps - even if it's not pentesting them - you may find that Burp Suite can help you. If you already use Burp Suite, come see how one of our testers does it and we bet you'll find a thing or two you can take back and use on your next security assessment.
github.com/snoopysecurity/awe...
addons.mozilla.org/en-US/fire...
bitbucket.org/mrbbking/quiete...
portswigger.net/
Burp-Speedrun-Outline
gist.github.com/BBhacKing/59f...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest KZread: / wildwesthackinfest
Active Countermeasures KZread: / activecountermeasures
Antisyphon Training KZread: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec
Пікірлер: 14
Awesome content
You all came for 31:08. Thank me later.
Fantastic content! I am using Burp for months and I haven't used it the right way :D Please share more videos like this one
amazing work team, keep it up
Love it
Nooooo waaaaaay, even the introduction picture is presented so nicely 👌 😍 with the red trim. Im loving ❤ 💗 💕 everything you guys are putting out. I make my living off of bug bounties at the moment, but its a dream of mine to one day work for Black Hills.
@_DeProgrammer
3 жыл бұрын
Wanna team up and work on some targets together? You can claim the bounty. I just want to do it for a challenge and experience. I like working with others and learning their methodologies and sharing some of mine.
(35:20) - Jython standalone extension allows you to write extension in python. (36:54, 39:12) - Certificate, export Burp cert to your browser you're using for testing (51:28) - Test server configuration, HTTP
Right click or left click?
Hello guys
Where can I sign up , im guessing you do background checks as well. Do you read these comments at all?
@BlackHillsInformationSecurity
3 жыл бұрын
Check the show notes for links. (no, we never read the comments. ;~)
Hi all, where we can find that file from him?
@BlackHillsInformationSecurity
3 жыл бұрын
We have been given a link from the King himself, and will add it to the description > gist.github.com/BBhacKing/59f7db311e528a162b27fca1c7d270fd