❎
wiki.hackerlab.cz
  • About me
  • Vulnerability Assessment
  • CLOUD PENTESTING
    • AWS
    • Microsoft Azure
  • REST API - Bypasses and Privilege Escalations
  • Web Pentesting
    • LDAP Injection
    • Django ORM Exploitation
    • HTTP Request Smuggling
    • Server Side Template Injection (SSTI)
    • Insecure Deserialization
    • Brute force
    • Shell Fu - Oneliners
    • CORS
    • Special Chars & NULL Bytes
    • XSS
    • XXE
    • Nuclei
    • SQL Injection
    • Blind SQL Injection
    • SQLmap
    • NoSQL Injection
    • CRLF Injection
    • Input Validation - Fuzz1
    • HTTP Headers - X-Forwarded
    • Log4j
    • Enumeration with Wordlists
    • Bug Bounty - Web Recon
    • HTTP Proxy Override
    • CSV Injection
    • Windows Forbidden File Names
    • Path Traversal
    • OS Command Injection
    • Open Redirect
    • JWT Token
    • Burp Extensions - TokenJAR & ATOR
    • Upload RCE
    • GUID and UUIDs
  • Toolset
    • Git - Repo and Tools
    • Docker for Pentesters
  • Infrastructure Pentesting
    • Active Directory (AD)
      • Vulnerable Machines (labs)
      • Pass the hash
      • Azure Active Directory
      • Password Cracking
      • Domain Enumeration
      • LLMNR Poisoning with Responder
      • HTB Forest
      • LDAP
      • WinRM
      • SMB & RPC Enumeration
      • SMB Relay
      • Impacket
      • Bloodhound
      • OWA Exchange Server 2019
      • Active Directory Web Services (ADWS)
      • Active Directory Attacks
    • Mail Server Attacks
    • NFS Enumeration
    • Windows PostExploitation
      • Windows Enumeration
      • Powershell Payloads
      • Add RDP Account & Ride on Meterpreter
    • Dump File Analysis
  • Other Pentest Projects
    • Security Projects
  • WIFI Pentesting
    • Kali Linux - Alpha card AWUS 1900 (VirtualBox)
    • Active Card & Monitor Mode
    • Aircrack-ng Suite
  • Certs
    • Burp Suite Certified Practitioner
  • Linux
    • Network Manager
  • Books
    • The Hacker Playbook 3
Powered by GitBook
On this page
  • Pentest Arsenal
  • All labs
  • Username list
  • Password list
  • SQL Injection Cheat sheet
  • XSS Cheat sheet
  • Obfuscation techniques
  • Software
  • Exam Review - Tips & Tricks

Was this helpful?

  1. Certs

Burp Suite Certified Practitioner

Tips & tricks, a long journey

PreviousCertsNextNetwork Manager

Last updated 8 months ago

Was this helpful?

How to prepare

Make sure you did not miss these labs

Take notes, from all labs, for example in cherrytree to quickly repeat learned attacks

Mystery Challenges - Sharp your pentest skills

Test your speed and improve your methodology

Example Practice Exam

Read Exam hints

Pentest Arsenal

Labs cheet sheets, wordlists and tools. All you need in your pentest deck.

All labs

Remember you can seek out exploitation steps when you are lost

Username list

Password list

SQL Injection Cheat sheet

XSS Cheat sheet

Obfuscation techniques

Software

ysoserializer

wget 
https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar

HTTP Request smuggler extension

Exam Review - Tips & Tricks

Exam review from those who passed the exam

https://portswigger.net/web-security/certification/how-to-prepare
https://portswigger.net/web-security/certification/how-to-prepare/practitioner-labs-prep-step-one
https://portswigger.net/web-security/certification/burp-challenge
https://portswigger.net/web-security/certification/practice-exam
https://portswigger.net/web-security/certification/exam-hints-and-guidance
https://portswigger.net/web-security/all-labs
https://portswigger.net/web-security/authentication/auth-lab-usernames
https://portswigger.net/web-security/authentication/auth-lab-passwords
https://portswigger.net/web-security/sql-injection/cheat-sheet
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
https://portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings
LogoBurp Suite Certified Practitioner Exam ReviewMicah Van Deusen’s Blog
LogoHow to get Burp Suite Certified Practitioner without die trying it.LinkedInEditors
LogoGitHub - DingyShark/BurpSuiteCertifiedPractitioner: Ultimate Burp Suite Exam and PortSwigger Labs Guide.GitHub
LogoGitHub - botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study: Burp Suite Certified Practitioner Exam StudyGitHub
LogoBurp Suite Certified Practitioner Exam – Review | I'm Gaurav NarwaniI'm Gaurav Narwani | Security Researcher | Bug Bounty Hunter