Burp Suite Certified Professional (BSCP) Review + Tips/Tricks [Portswigger] 

CryptoCat

Burp Suite Certified Professional (BSCP) review, tips/tricks etc. Hopefully this video will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc. who might be interested in taking the BSCP exam from Portswigger 🙂 #BSCP #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
Considering taking the HackTheBox CPTS course? You can find my full review for it here: • HackTheBox Certified P...
Looking for Portswigger lab walkthroughs? I produce videos for the ‪@intigriti‬ channel: • intigriti Hackademy
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
RU-vid: / cryptocat23
Twitch: / cryptocat23
↢Portswigger: Burp Suite Certified Professional↣
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
↢BSCP Resources↣
How to prepare: portswigger.net/web-security/...
Hints and guidance: portswigger.net/web-security/...
Essential skills (scanner): portswigger.net/web-security/...
Essential skills (obfuscation): portswigger.net/web-security/...
XSS cheatsheet: portswigger.net/web-security/...
SQLi cheatsheet: portswigger.net/web-security/...
Lab cheatsheet 1: github.com/botesjuan/Burp-Sui...
Lab cheatsheet 2: github.com/DingyShark/BurpSui...
BSCP cheatsheet: bscpcheatsheet.gitbook.io/exam
Payloads: github.com/swisskyrepo/Payloa...
HackTricks: book.hacktricks.xyz
↢Chapters↣
0:00 Intro
0:58 BSCP key info
3:03 The exam
5:20 How to prepare
6:39 How to prepare (even more)
8:47 Tips/tricks
11:30 FAQs
15:52 Thoughts/feedback
18:24 Conclusion

Published: 29 Jun 2024

Comments: 27
@JuanBotes 2 months ago
congrats \o/ I see my BSCP github Lab cheatsheet 1: noted in your video description, thanks, glad it came up in your research and glad if it helped breaking down the stages
@_CryptoCat 2 months ago
It was awesome, thanks! I came across some of my own videos/writeups on a cheatsheet while I was revising, might have been yours. Full learning circle, love to see it 😅
@user-rn9lq8ut1s 2 months ago
Good timing, bought my Exam Voucher yesterday :D Thanks for the insights.
@_CryptoCat 2 months ago
Perfect, good luck! 🤞
@dimsumbots 2 months ago
Glad to see you’re uploading fairly regularly, I found your binex playlist and man, it’s been immensely helpful, keep it up man! You do a great job breaking things down and explaining things.
@_CryptoCat 2 months ago
Thanks mate! Appreciated 🥰
@AmanuelHaileGiyorgis 2 months ago
That's one valuable piece of info, mate. Thx
@_CryptoCat 2 months ago
🙏🥰
@jozsefszabados1183 2 months ago
Very useful video. Thank you, CryptoCat! 🙏🚩
@_CryptoCat 2 months ago
Thank you! Glad you liked it 🥰
@meowpirates 2 months ago
you're my favourite
@_CryptoCat 2 months ago
💜
@ismailmatrix1 2 months ago
Thanks for the review. These labs used to load so fast, but now it takes forever to load /my-account, and even times out. Must be the traffic due to this video 😅
@_CryptoCat 2 months ago
Hahaha sometimes they are slow for me as well! The worst is when they crash and you can't restart xD
@ismailmatrix1 2 months ago
@@_CryptoCat The exam is fast though right? They give you a private network for the exam, through a VPN or otherwise?
@_CryptoCat 2 months ago
@@ismailmatrix1 There's no VPN, it's a similar setup to the practice exams. I didn't notice any performance issues though, they probably take resource allocation more seriously for the exam.
@notknown2117 1 month ago
Congrats! I will attempt my first exam soon, but I still struggle with some obfuscation in the practice exams (XSS). I generally feel confident with XSS and XXE, but since I'm really new to the field and don't have much (if any) web development experience, I feel like I'm missing out on some JavaScript and XML built-in functions and syntax that can be used to obfuscate. To my question: Was that a big part of your exams? Do you have some resources that might help with that?
@_CryptoCat 1 month ago
Thank you! Best of luck with the exam 🤞On the obfuscation, portswigger recommend this article for the exam: portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings, I'd also recommend reviewing the labs that require obfuscation. I can't say much about the final exam (and both my attempts were different vulns anyway) but the practice exams are a good idea of what to expect - IIRC in those you don't have to deal with obfuscation blindly, e.g. there is some feedback to say something like "attack detected" or you can see some characters/keywords being stripped out, so you know where to focus your obfuscation techniques on, e.g. if there's an indication that some chars are blocked, you could fuzz through the possible chars and make a list of which ones trigger an error and which don't, then try different encodings until you no longer see errors.
@Alex-vi6iz 1 month ago
Thanks for the detailed breakdown as usual. If I may, one question. Currently working as a network admin and I am looking to get into pentesting. Most people say that it's easier to get into web app pentesting as there is more demand, however should I still pursue network pentesting as it's closer to my background?
@_CryptoCat 23 days ago
Thanks mate! Good question, but one only you can answer. I don't think you'll have a problem finding work in either field, if you are good at what you do. The most skilled people are generally those who are passionate about the subject, so if you feel more interested in web then don't worry if you won't put your networking experience to best use (I say "best", because even if you move to web, the network pentesting experience will be helpful). On the other hand, if you feel more passionate about networking, don't switch to web just because there might be more work/money. TLDR; work hard on what you enjoy and the work/money will follow. Besides, many pentesting jobs involve a mix of these topics. One client might request a website pentest, another a network, another a mobile app.. or maybe a combination of all 🙂
@Alex-vi6iz 23 days ago
@@_CryptoCat thanks, really appreciate the input
@xm4nd0 4 hours ago
Hello! Thanks for the detailed review. However, I am still not sure whether to go for CBBH or BSCP first. I know BSCP is much cheaper, but since I need Burp Pro to finish all the Academy labs and for the exam, I think it would be necessary to get a 1-year subscription. Would it still be worth it to go first with BSCP instead of CBBH considering that the prices could be similar for both with the Burp Pro subscription + exam voucher cost?
@_CryptoCat 16 minutes ago
Hmmmm good question! I haven't done the CBBH exam but I did finish the course. First thing I'll say is they're both good, but very different. Portswigger will teach you everything you need to know about web vulns and exploits, but not much about the methodology of hunting. CBBH will go more into things like scope, recon, reporting etc. Personally, I would recommend BSCP first - the labs and material on portswigger are the gold standard IMO, everyone interested in web hacking should complete them. The exam is very fairly priced, but will probably continue to rise as it becomes more established. I know you mention the price of burp but consider you could: a) Use burp pro 1 month trial b) At least get the benefits of having a year of burp pro, e.g. for bug bounty hunting. Up to you though, CBBH is also very good!
@antoniorossi9995 1 month ago
hi ty for ur tutorial, i see that u shared the completion of the challenge cubebreaker on htb, can u help me with some hint? I escaped the box and bypassed the check for coordinates, so now i can move free outside the box, but it seems like that the cube outside don’t have collisions, any help?
@_CryptoCat 23 days ago
Did you get it solved? You can DM me on discord if needed
@nombreapellido3363 2 months ago
How many times can you take the exam once you have bought the voucher?
@_CryptoCat 2 months ago
You get one attempt per exam voucher but I don't think there are any limits on how many times you can take the exam. I read some reports on reddit of people taking the exam ~10 times (it used to be a lot cheaper lol).