BurpGPT

Download
File
H9_BurpGPT.pdf

Dear Readers,

AI is still an important and popular tool, therefore, we have decided to still talk about it, but also to mix it a bit with pentesting. Burp Suite is a pentesting tool used by many professionals and BurpGPT is an extension that allows it to use ChatGPT for pentesting. This is a great mixture of both Pentesting and ChatGPT. Thus, we decided to make that extension the main topic of the magazine. With that explained, we invite you to enjoy this edition’s content!

At the beginning, we decided to talk about Burp Suite and its use in Pentesting. An article from a returning author explains how useful Burp Suite can be in pentesting and how to use it in your work. The next article dives into ChatGPT, especially the threat it can create by being exploited or misused.

We also provided you with an interview! Alexandre Teyar, the creator of BurpGPT agreed to talk with us about his tool, his future plans and the importance of AI in Cybersecurity. After that, you can delve into the world of APIs inside of IoT devices in this two-part article.

This edition is also a premier of Hakin9 Crime Corner, articles about the Dark Web, and the many threats within it. Our author, who is an experienced investigator, explained his work with real life examples! One of a few articles we had to censor.

One of our authors will help you protect yourself from people like him, as he is a pentester who uses social engineering, OSINT and other tools to get information. We will also talk about REDOS, and Google’s new TLDs and their impact on cybersecurity, especially of internet sites. In the last article, you’ll read about Personal Network Security.

Without further ado, grab something cold to drink and enjoy this summer’s edition of the Hakin9 Magazine!


TABLE OF CONTENTS

Penetration Testing with Burp Suite: Enhancing Web Application Security

Opinder Singh

Get a quick introduction to Burp Suite, one of the most popular Pentesting Tools. The article talks about some of its key features including Proxy, Spider, Scanner, Intruder and more!


Cyber Threat with Chat GPT

Manish Mradul

Chat GPT and AI in general keep being interesting topics. The threat that AI can create in cybersecurity is great. One of our authors decided to talk about some cases that happend around the world.


Exclusive Interview with Alexandre Teyar - The creator of BurpGPT

Jacek Stankiewicz

Once you've learned about ChatGPT and Burp Suite let's introduce the main topic! This interview is a informative talk with the creator of a Burp Suite extension called BurpGPT. The extension allows Burp Suite to use AI to help pentesters! 


External Understanding: Dissecting APIs inside of IoT Devices (Part 1 & 2)

Tottaly_Not_A_Haxxer

As the world of IoT evolves, so does the security within this realm, like most fields. One of the more popular brands for being quite hidden from the public is Apple. Despite Apple having their systems compromised hundreds of times, protocols reversed, and source code leaked, they still seem to be much more frustrating to work with due to the limited knowledge of their custom implementations of specific protocols. In this two part article, we will discuss the internals of IoT devices, specifically looking at Apple TV.


Engagin Social Engineering: Extracting Information Through Strategic Interactions

D4KRKR4BB1T47

The Dark Web is an interesting place, our author is a frequent visitor to these parts of the internet. In this article he explains with real life examples how he manages to gather information from criminals through Social Engineering. This article is also part of the newly created Hakin9 Crime Corner.


Protecting Yourself From People Like Me

Chris Horner

As a pentester, part of the author's job is running social engineering exercises. To be successful, he looks for information that can be used to make communication appear more authentic, and can be used to create attack vectors. These are the same tactics a bad actor will use to gain personal information on targets and it’s important to be aware of these tactics to protect ourselves and our loved ones. It’s important to be aware so we can all make calculated choices about what we want to allow to be disclosed that ultimately can affect our lives. Think of it as creating our own personal risk model, if you will.


Regular Expression Denial of Service

Sourish Das

Service uptime and availability is a crucial factor that determines the success of online businesses. In a rapidly evolving world, it is important that transactions remain productive, and they help clients meet their business goals in a timely manner. A downtime in service availability is a form of attack known as Denial of Service. In this article, we will be learning about a specific form of Denial-of-Service attack that can be caused by regular expression malfunctioning. In a Snyk report published in 2019, ReDoS attack has spiked by 143% in Node applications.


Risks and Opportunities: Exploring the Impact of Google's New TLDs

Aarsh Jawa

In its expansion of top-level domains (TLDs), Google Registry has introduced eight new domains, including .dad, .phd, .prof, .esq, .foo, .nexus, .zip, and .mov. These additions aim to cater to various interests such as dads, graduates, tech enthusiasts, and professionals. However, the introduction of the .zip and .mov domains has triggered a lively debate among experts regarding their potential impact on the internet and web security as a whole.


The Issue of Overlooking Personal Network Security and Its Implications

Eric Michalczyk

Technology is an integrated part of society in nearly every aspect of life these days, and this leads to information processed and stored by technology being commonplace. This leads to the issue of how that information is secured. Oftentimes, people believe that their information on their home network is secure, however, they do not do much to protect their home network as they figure that no one would try to hack their home network since they are just one person. However, how much of a potential risk is having an insecure home network when there are so many companies out there with vulnerable networks as well?


Download
File
H9_BurpGPT.pdf

June 9, 2023
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.