7MS #288: I'm BURPing a Lot
1 min read Podcast

7MS #288: I'm BURPing a Lot

Mac High Sierra root bug

Did you hear about this? Basically anybody could log in as user root on your system without a password because...there isn't a password! Read the Twitter thread where I originally read the news here, read about the root account madness here, and then read how the fix broke file sharing here.

BPATTY ROCKS!

I tried to wiki-fy my BPATTY project to make it a bit easier to read, so head to bpatty.rocks and let me know what you think!

I'm BURPing a lot

I can't tell you how fun it has been to get back in the pentesting saddle and hack some Web sites these past few weeks. Here are a few tips/tricks others taught me that have helped me get back in the swing of things:

  • In Burp, state files are being depreciated in favor of project files. Read more here.

  • For BApp extensions, here are a few that help you get the job done:

  • retire.js looks for old/outdated/vulnerable Javascript libraries

  • Software vulnerability scanner helps you find vulnerable software, such as old versions of IIS

  • CO2 has a bunch of tricks up its sleeve - my favorite of which is helping you craft sqlmap commands with the right flags

More on today's show!

You might also like...

Jan
19

7MS #607: How to Succeed in Business Without Really Crying - Part 15

1 min read
Jan
12

7MS #606: Hacking OWASP Juice Shop (2024 edition)

1 min read
Jan
05

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

1 min read
Jan
01

7MS #604: A Two Tool Teaser

1 min read
Dec
24

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

1 min read

Popular tags

Podcast Pentesting interviews blue team diy