❎
wiki.hackerlab.cz
  • About me
  • Vulnerability Assessment
  • CLOUD PENTESTING
    • AWS
    • Microsoft Azure
  • REST API - Bypasses and Privilege Escalations
  • Web Pentesting
    • LDAP Injection
    • Django ORM Exploitation
    • HTTP Request Smuggling
    • Server Side Template Injection (SSTI)
    • Insecure Deserialization
    • Brute force
    • Shell Fu - Oneliners
    • CORS
    • Special Chars & NULL Bytes
    • XSS
    • XXE
    • Nuclei
    • SQL Injection
    • Blind SQL Injection
    • SQLmap
    • NoSQL Injection
    • CRLF Injection
    • Input Validation - Fuzz1
    • HTTP Headers - X-Forwarded
    • Log4j
    • Enumeration with Wordlists
    • Bug Bounty - Web Recon
    • HTTP Proxy Override
    • CSV Injection
    • Windows Forbidden File Names
    • Path Traversal
    • OS Command Injection
    • Open Redirect
    • JWT Token
    • Burp Extensions - TokenJAR & ATOR
    • Upload RCE
    • GUID and UUIDs
  • Toolset
    • Git - Repo and Tools
    • Docker for Pentesters
  • Infrastructure Pentesting
    • Active Directory (AD)
      • Vulnerable Machines (labs)
      • Pass the hash
      • Azure Active Directory
      • Password Cracking
      • Domain Enumeration
      • LLMNR Poisoning with Responder
      • HTB Forest
      • LDAP
      • WinRM
      • SMB & RPC Enumeration
      • SMB Relay
      • Impacket
      • Bloodhound
      • OWA Exchange Server 2019
      • Active Directory Web Services (ADWS)
      • Active Directory Attacks
    • Mail Server Attacks
    • NFS Enumeration
    • Windows PostExploitation
      • Windows Enumeration
      • Powershell Payloads
      • Add RDP Account & Ride on Meterpreter
    • Dump File Analysis
  • Other Pentest Projects
    • Security Projects
  • WIFI Pentesting
    • Kali Linux - Alpha card AWUS 1900 (VirtualBox)
    • Active Card & Monitor Mode
    • Aircrack-ng Suite
  • Certs
    • Burp Suite Certified Practitioner
  • Linux
    • Network Manager
  • Books
    • The Hacker Playbook 3
Powered by GitBook
On this page
  • Pentest Arsenal
  • All labs
  • Username list
  • Password list
  • SQL Injection Cheat sheet
  • XSS Cheat sheet
  • Obfuscation techniques
  • Software
  • Exam Review - Tips & Tricks

Was this helpful?

  1. Certs

Burp Suite Certified Practitioner

Tips & tricks, a long journey

How to prepare https://portswigger.net/web-security/certification/how-to-prepare

Make sure you did not miss these labs https://portswigger.net/web-security/certification/how-to-prepare/practitioner-labs-prep-step-one

Take notes, from all labs, for example in cherrytree to quickly repeat learned attacks

Mystery Challenges - Sharp your pentest skills

Test your speed and improve your methodology

https://portswigger.net/web-security/certification/burp-challenge

Example Practice Exam https://portswigger.net/web-security/certification/practice-exam

Read Exam hints https://portswigger.net/web-security/certification/exam-hints-and-guidance

Pentest Arsenal

Labs cheet sheets, wordlists and tools. All you need in your pentest deck.

All labs

Remember you can seek out exploitation steps when you are lost

https://portswigger.net/web-security/all-labs

Username list

https://portswigger.net/web-security/authentication/auth-lab-usernames

Password list

https://portswigger.net/web-security/authentication/auth-lab-passwords

SQL Injection Cheat sheet

https://portswigger.net/web-security/sql-injection/cheat-sheet

XSS Cheat sheet

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

Obfuscation techniques

https://portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings

Software

ysoserializer

wget 
https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar

HTTP Request smuggler extension

Exam Review - Tips & Tricks

Exam review from those who passed the exam

PreviousCertsNextNetwork Manager

Last updated 7 months ago

Was this helpful?

LogoBurp Suite Certified Practitioner Exam ReviewMicah Van Deusen’s Blog
LogoHow to get Burp Suite Certified Practitioner without die trying it.LinkedInEditors
LogoGitHub - DingyShark/BurpSuiteCertifiedPractitioner: Ultimate Burp Suite Exam and PortSwigger Labs Guide.GitHub
LogoGitHub - botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study: Burp Suite Certified Practitioner Exam StudyGitHub
LogoBurp Suite Certified Practitioner Exam – Review | I'm Gaurav NarwaniI'm Gaurav Narwani | Security Researcher | Bug Bounty Hunter