lanmaster53.com

I recently compared the stats from LinkedIn and X (formerly Twitter) for one of my more popular posts. In the first 24 hours of that post, X accumulated 304 impressions from 8,426 followers, and LinkedIn accumulated 3,117 impressions from 1,861 followers. These are absurdly lopsided numbers that speak to the death of Twitter as a primary source of InfoSec knowledge sharing. I say "Twitter" here because X is clearly not the same platform. I shared these stats with an online community and it triggered a conversation about InfoSec knowledge sharing from both the content creation and consumption perspectives given the current state of social media. I am primarily a content creator, and currently focus exclusively on LinkedIn, but I still do some consuming. Apparently, my consumption approach is unconventional and intrigued some of those involved in the conversation. I thought I would share it here in case anyone else could benefit from it. ... more

With the introduction of PortSwigger Burp BChecks, I immediately became curious to see if the feature would be powerful enough to replace the existing Burp integrated Python interface I use to achieve similar results. The Python solution is a topic I cover in great detail in #PBAT (https://www.practisec.com/training/pbat/). ... more

Not too long ago I shared an interesting article on Twitter titled Prototype Pollution in Python. Not only are the memes great, but it's a fun and engaging read that does a good job of breaking down a complex topic into easy to understand concepts with practical examples. I highly recommend it if you enjoy tinkering with Python. At the bottom of the article the author mentions a couple practical examples for the reader to explore further. One of the examples was "Overwriting Flask web app secret key that's used for session signing." Anything with the word "Flask" in it catches my attention immediately, so I spent a couple of hours exploring this idea. ... more

Failure is hard to swallow. After failing my first attempt at the Burp Suite Certified Practitioner exam, I decided to try the certification exam again... and again... and again. ... more

With Portswigger slashing the price of their Burp Suite Certified Practitioner exam to $9, I couldn't resist buying an attempt and giving it a try. I spent a couple more days preparing and took the certification exam. I didn't get very far in the three hours, completing only a single challenge (step 1 of application 1), but I did learn a little about the environment and wanted to share some of that information with others that may be considering an attempt at becoming a Burp Suite Certified Practitioner. ... more

Portswigger recently announced their Burp Suite Certified Practitioner certification. As a Burp Suite enthusiast and self-proclaimed subject matter expert, I decided to exercise the certification preparation process as a way to sharpen my skills, provide insight to others on the preparation process, and ultimately decide whether or not I would give the certification exam an attempt myself. Below are my takeaways from the process and thoughts I want to share with others that are considering an attempt at becoming a Burp Suite Certified Practitioner. ... more

I recently received an email from a previous student asking a question about API discovery during a no-knowledge test. The question was, "How can one discover API's across an organization's external IP range when the API's are not linked like URLs and can't be crawled using traditional means?" I thought my answer might be useful for others, so I'm documenting it here. ... more