AI is still an important and popular tool, so we have decided to keep talking about it, but also to mix it a bit with pentesting. Burp Suite is a pentesting tool used by many professionals, and BurpGPT is an extension that allows it to use ChatGPT for pentesting. This is a great mixture of both pentesting and ChatGPT, so we decided to make that extension the main topic of the magazine. With that explained, we invite you to enjoy this edition’s content!
At the beginning, we decided to talk about Burp Suite and its use in Pentesting. An article from a returning author explains how useful Burp Suite can be in pentesting and how to use it in your work. The next article dives into ChatGPT, especially the threat it can create by being exploited or misused.
We also provided you with an interview! Alexandre Teyar, the creator of BurpGPT, agreed to talk with us about his tool, his future plans and the importance of AI in cybersecurity. After that, you can delve into the world of APIs inside of IoT devices in this two-part article.
This edition is also the premiere of Hakin9 Crime Corner, articles about the Dark Web and the many threats within it. Our author, who is an experienced investigator, explained his work with real-life examples! It is one of a few articles we had to censor.
One of our authors will help you protect yourself from people like him, as he is a pentester who uses social engineering, OSINT and other tools to get information. We will also talk about ReDoS, and Google’s new TLDs and their impact on cybersecurity, especially of internet sites. In the last article, you’ll read about Personal Network Security.
Without further ado, grab something cold to drink and enjoy this summer’s edition of the Hakin9 Magazine!
TABLE OF CONTENTS
Penetration Testing with Burp Suite: Enhancing Web Application Security
Get a quick introduction to Burp Suite, one of the most popular Pentesting Tools. The article talks about some of its key features including Proxy, Spider, Scanner, Intruder and more!
Cyber Threat with Chat GPT
Chat GPT and AI in general keep being interesting topics. The threat that AI can create in cybersecurity is great. One of our authors decided to talk about some cases that happened around the world.
Exclusive Interview with Alexandre Teyar - The creator of BurpGPT
Once you've learned about ChatGPT and Burp Suite, let's introduce the main topic! This interview is an informative talk with the creator of a Burp Suite extension called BurpGPT. The extension allows Burp Suite to use AI to help pentesters!
External Understanding: Dissecting APIs inside of IoT Devices (Part 1 & 2)
As the world of IoT evolves, so does the security within this realm, like most fields. One of the more popular brands for being quite hidden from the public is Apple. Despite Apple having their systems compromised hundreds of times, protocols reversed, and source code leaked, they still seem to be much more frustrating to work with due to the limited knowledge of their custom implementations of specific protocols. In this two-part article, we will discuss the internals of IoT devices, specifically looking at Apple TV.
Engaging Social Engineering: Extracting Information Through Strategic Interactions
The Dark Web is an interesting place, and our author is a frequent visitor to these parts of the internet. In this article, he explains with real-life examples how he manages to gather information from criminals through Social Engineering. This article is also part of the newly created Hakin9 Crime Corner.
Protecting Yourself From People Like Me
As a pentester, part of the author's job is running social engineering exercises. To be successful, he looks for information that can be used to make communication appear more authentic, and can be used to create attack vectors. These are the same tactics a bad actor will use to gain personal information on targets and it’s important to be aware of these tactics to protect ourselves and our loved ones. It’s important to be aware so we can all make calculated choices about what we want to allow to be disclosed that ultimately can affect our lives. Think of it as creating our own personal risk model, if you will.
Regular Expression Denial of Service
Service uptime and availability are crucial factors that determine the success of online businesses. In a rapidly evolving world, it is important that transactions remain productive, and they help clients meet their business goals in a timely manner. A downtime in service availability is a form of attack known as Denial of Service. In this article, we will be learning about a specific form of Denial-of-Service attack that can be caused by a malfunctioning regular expression. According to a Snyk report published in 2019, ReDoS attacks have spiked by 143% in Node applications.
Risks and Opportunities: Exploring the Impact of Google's New TLDs
In its expansion of top-level domains (TLDs), Google Registry has introduced eight new domains, including .dad, .phd, .prof, .esq, .foo, .nexus, .zip, and .mov. These additions aim to cater to various interests such as dads, graduates, tech enthusiasts, and professionals. However, the introduction of the .zip and .mov domains has triggered a lively debate among experts regarding their potential impact on the internet and web security as a whole.
The Issue of Overlooking Personal Network Security and Its Implications
Technology is an integrated part of society in nearly every aspect of life these days, and this leads to information processed and stored by technology being commonplace. This leads to the issue of how that information is secured. Oftentimes, people believe that their information on their home network is secure. However, they do not do much to protect their home network, as they figure that no one would try to hack their home network since they are just one person. However, how much of a potential risk is having an insecure home network when there are so many companies out there with vulnerable networks as well?