First, in a large majority of the web pentests, clients want me to focus only on their app and its features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
3. The majority of my testing is manual, mostly using Burp @PortSwigger, which is an ecosystem in and of itself and it helped me find a great chunk of the hundreds of vulns I found in 2022 and 2023 alone.
4. Many of the pentests also involve code review, where most automation falls short. I found and keep finding a lot of gems by manually going through and reading code.
5. When I do network pentesting I use more automation, especially during the initial phase of the assessment, while mobile app pentesting is a combination of both.
6. The same applies to the few private bounties I participate in: some automation initially, more manual thereafter.
Yes, and that's a very solid foundation for all my current recon methods.
7. That said, automation can be very powerful, only when you're using it like no one else does.
If you're using the same tools with the same parameters (subfinder, nuclei, httpx) as everyone else, you should not expect much.
PRO tip: Code your own scripts and templates.
8. I'll probably write more about basic differentiated automation in recon in another thread here or on my blog at cristivlad.substack.com. Stay tuned!
In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.
My point was not understood and I got a lot of hate for it.
1. Again, there's less value in being Top 1% if your experience is purely theoretical.
Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.
Get your daily real-world experience from VDPs (and not paid bounties).
1. Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
2. Think of it like a mail forwarding service: just as you'd tell the service to forward your mail to your new address, you can tell SSH to forward traffic from a remote server to your local machine.
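The tunnel described above, as an added example (not code from the original thread): a small POSIX shell helper that validates the inputs and prints the OpenSSH `ssh -N -L` command for a local forward. The hosts, ports and user (`db.internal`, `jump.example.com`, `user`) are hypothetical placeholders; `-L` and `-N` are real OpenSSH options.

```shell
#!/bin/sh
# Added example, not part of the original thread. Builds and validates an
# "ssh -L" local port forwarding command. All hostnames, ports and the
# user name used in the usage comment are hypothetical placeholders.

# valid_port PORT -> returns 0 if PORT is an integer in 1..65535
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# local_forward_cmd LOCAL_PORT TARGET_HOST TARGET_PORT SSH_HOST [BIND_ADDR]
# Prints the ssh command that makes TARGET_HOST:TARGET_PORT (as reachable
# from SSH_HOST) available on BIND_ADDR:LOCAL_PORT on this machine.
# BIND_ADDR defaults to 127.0.0.1 so the forwarded port is only reachable
# from the local host and not from other machines on the local network.
local_forward_cmd() {
  lport=$1; thost=$2; tport=$3; sshhost=$4; bind=${5:-127.0.0.1}
  valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
  valid_port "$tport" || { echo "bad target port: $tport" >&2; return 1; }
  [ -n "$thost" ] && [ -n "$sshhost" ] || { echo "host missing" >&2; return 1; }
  # -N: open no remote shell, just keep the tunnel up
  # -L [bind_address:]port:host:hostport: the local forward spec
  printf 'ssh -N -L %s:%s:%s:%s %s\n' "$bind" "$lport" "$thost" "$tport" "$sshhost"
}

# Usage: start the tunnel in the background, then connect to
# localhost:8080 as if it were db.internal:5432 on the far side of
# jump.example.com (placeholders).
#   $(local_forward_cmd 8080 db.internal 5432 user@jump.example.com) &
```

Keeping the bind address on the loopback interface is the safe default: a forward bound to `0.0.0.0` would expose the remote service to anyone who can reach your machine, which is rarely what you want during an engagement.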
Not a paid sponsorship, but I'd love to @HelloPaperspace :)
For the last 3-4 years, I had a VPS with 16 GB of RAM and 8 CPUs for which I paid $0.16 per hour of usage.
1. A few days ago I said I'd upgrade to a VPS with 30 GB of RAM and 12 CPUs.
Definitely a dramatically huge increase in performance! Still quite cheap at $0.3/h.
My usual monthly usage so far has been 100 hours or less.
2. I use it for cybersecurity research and for machine learning. I'll probably get an A100 in the future, which is about $3 per hour, but it's the best GPU in town. Need to make more money first.
The following technique can be used to bypass AI text detection. Use it for ethical purposes only!
1. Generate whatever text you want with ChatGPT. Then reply to ChatGPT with the following:
"When it comes to writing content, two factors are crucial, "perplexity" and "burstiness." Perplexity measures the complexity of text. Separately, burstiness compares the variations
of sentences. Humans tend to write with greater burstiness, for example, with some longer or complex sentences alongside shorter ones. AI sentences tend to be more uniform.
Use these resources (all links in the last tweet):
- Khan Academy - Multivariable Calculus
- Khan Academy - Differential Equations
- Khan Academy - Linear Algebra
- Khan Academy - Statistics Probability