BSCP Review - Burp Suite Certified Practitioner 2023
Complete review of the BSCP (Burp Suite Certified Practitioner) certification from PortSwigger: exam experience, preparation with Web Security Academy, tips and resources to pass.
All Posts
119 articles
JWT Authentication Bypass via Weak Signing Key – PortSwigger Write-Up
Learn to exploit JWT vulnerabilities with weak signing keys in this PortSwigger lab write-up on JWT authentication.
Jun 12, 2023 Juan Antonio González Mena
Kali Linux on Docker
Complete guide to install and manage Kali Linux on Docker. Learn to configure the environment, tunnel traffic through Burp Suite, and manage containers.
Jun 5, 2023 Juan Antonio González Mena
How the DNS Protocol Works
Learn how the DNS protocol works, the types of servers involved in domain resolution, and the most common DNS records used on the internet.
May 29, 2023 Juan Antonio González Mena
JWT authentication bypass via flawed signature verification – PortSwigger Write Up
Walkthrough of the PortSwigger lab on JWT authentication bypass through flawed signature verification, exploring how to exploit servers that accept unsigned tokens with the 'none' algorithm.
May 15, 2023 Juan Antonio González Mena
JWT authentication bypass via unverified signature – PortSwigger Write Up
Walkthrough of the PortSwigger lab on JWT authentication bypass through unverified signatures, explaining how to exploit this vulnerability when the server doesn't properly validate token signatures.
May 1, 2023 Juan Antonio González Mena
How to Patch AmsiScanBuffer to Evade AMSI
Learn how to evade AMSI on Windows by patching the AmsiScanBuffer function, including the use of pinvoke to call native APIs and obfuscation techniques.
Mar 27, 2023 Miguel Ángel Cortés
How to Tunnel and Intercept Android Device Traffic
Learn how to configure Burp Suite to intercept network traffic from an Android device by installing system certificates and configuring the HTTP proxy.
Feb 27, 2023 Pablo Castillo
Unconstrained Delegation - Kerberos
Complete guide on Unconstrained Delegation in Kerberos and Active Directory, including how it works, enumeration, and exploitation techniques to compromise the domain.
Feb 13, 2023 Juan Antonio González Mena