Des participants à une campagne de Bug Bounty ont remporté une prime avec le soutien de ChatGPT. Ils ont ainsi montré que l’IA générative peut être utile aux hackers éthiques.

Hi, my name is Alex, I’ve been an IT security professional since 2007 and I’ve recently entered the start-up world with my project bughuntr.io. In putting together this project, security has been a primary concern for me. This is both due to my background…

Atlassian ran a project on Bugcrowd looking for bugs in their proposed implementation of Kata Containers within the BitBucket Pipelines CI/CD environment. Whilst participating in this project, I identified a vulnerability in Kata Containers which could allow…

If you're reading this, it's a blog post that's not my regular write-up but more of an investigation and a hypothesis on the anatomy of a scam. I also put it together to raise awareness for those who read my blog and who might not be overtly technical-focused.

Hello Everyone,

This a short blog post to announce I have finally published my second book after several years of work. I have spent nearly five writing it; like my first one, it follows the path of getting into and progressing in the industry, while LTR101…

BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.

Attack paths and compromising systems are something we, as attackers, thrive in. Many areas of system weakness can be attacked and leveraged to gain a foothold or an upper hand within an environment.

tl;dr We have released BSEEPT - Burp Suite Enterprise Edition Power Tools which: Is a command line tool to drive all aspects of the BSEE GraphQL API. Is a Python client library to allow you to easily

We recently published some research on server-side prototype pollution where we went into detail on techniques for detecting this vulnerability black-box. To make your life easier, we've integrated th

The roadmap shown here is out of date. Please see our July 2023 roadmap update. Believe it or not, it's January once again. And this can mean only one thing - it's time to update you on the changes we

We launched the Burp Suite Certified Practitioner (BSCP) certification at the end of 2021 due to growing demand from Burp Suite Professional customers. Spanning everything from classic vulnerability c

It's been two years since we unleashed browser powered scanning on the world, and we decided what better way to celebrate than to start again from scratch! It started out as a task, how did it end up

If you follow the Burp Suite roadmap, then you'll know that we're working on a complete rewrite of the "Wiener" API used in Burp Suite Professional and Burp Suite Community Edition. The new API is cod

We recently launched the Burp challenge, to give our customers a unique opportunity to demonstrate their skills with Burp Suite Professional. Not only that, but the challenges involved put your web vu