This is fantastic content, I really appreciate how concise your videos are. One thing that I think would be very helpful would be a suggestion on where in one's learning path each certification fits. For example, if I wanted to study toward OSEE, what order should I complete the OffSec training in to make the process smooth and sequential? Where would things like CPTS, CBBH, and BSCP best fit on that path?
Nice video, learned the capabilities of Burp Suite 👍 I would also suggest briefly explaining the tools, e.g. sqlmap with its parameters. It would be easier to follow the walkthrough ;)
You made it so quick. How long have you been doing pen testing, brother? Anyway, I didn't understand the 3rd part of the lab, as you managed the cookie going back and forth, but that's my inexperience in understanding what to do with the cookie's session. Good job!!
That was amazing! I've just started PortSwigger and feel like a fish out of water. How long has it taken to get to your level? That was so impressive to this noob.
Hi there, can you please suggest: what is the best way to make notes when preparing for the Burp Suite exam or CPTS (HTB Academy)? I write down my notes in the Obsidian app; the trouble is I can't define what should be there. 6 months ago, when I was trying to prepare myself for the Burp certification, I was literally copying the whole explanation pages from Burp academy.... and as a result quite =( Should notes look like commands and short explanations, or something more? In my previous notes there was a ton of theory, and it was almost unusable in the practice exam or any practical stuff. Thanks in advance.
Hi, my notes are basically just the specific commands that I need to run to exploit/identify something. Occasionally I'll chuck in a very brief explanation. I don't think copy-pasting explanations will do much good, since it's not necessarily clear you understand the text then, so I'd suggest at least reading and then trying to write it down in your own words.
When I click view exploit, the XSS payload is working and I can get the session in my access log, but when it comes to deliver to victim I don't receive their session. Finally I added the payload into location, then it worked.
I'm gonna copy-paste a message I wrote earlier today answering this same question: The real exam is pretty much just the practice exam but with 2 apps instead of 1. I believe each exam attempt is a randomly generated combination of slightly modified practice challenges. Therefore, I recommend having good notes of all the practice labs, specifically the payloads which worked. Aside from that, time management is crucial since you are only given 4 hours. In my opinion, the vulnerabilities were very obvious since the apps are quite small and similar to the practice challenges. Personally it took me 2 hours to finish everything. PortSwigger Academy has the 'random challenge' option which you could try out to practice identifying the vulnerability. My last tip for you is that you should really familiarize yourself with the 'Exploit Server' so you already know how the exploits should be formatted and you don't waste time trying to learn that during the exam.
Hey, this answer helped me a lot. So I appreciate it. Btw if anyone reads this comment before Jan 2023, you have a free retake until Feb. Check your emails ;)
Hey bro, how can I connect with you? I just started my role as a junior pentester in training and it feels so overwhelming sometimes, the knowledge gap can be something.