BSCP1

Uploaded by

jhsdnck

Version  Author
3        A3h1nt
2        A3h1nt
1        A3h1nt

Stage - 1               Stage - 2
Authentication          Authentication
OAuth                   OAuth
Access Control          Access Control
XSS                     XSS
CSRF                    CSRF
CORS                    CORS
Clickjacking            Clickjacking
Web Sockets             Web Sockets
Web Cache Poisoning     Web Cache Poisoning
Host Header Attacks     Host Header Attacks
JWT
HTTP Request Smuggling  HTTP Request Smuggling
SQL Injection

Stage - 3
Directory Traversal
SSRF
File Upload Vulnerabilities
OS Command Injection
XXE Injection
Insecure Deserialisation
SSTI
SSRF
SQL Injection

Date      Commits
11/04/24  Completed All
16/01/24  Updated Checklist with unfinished topics
19/11/23  Initial Draft
Ignore all the random comments and side notes, make a copy, make it your own.

TIPS
1. Make sure all your extensions are running before you start the exam.
2.
3. Run Param Miner. If there's nothing else, guess headers. If there's literally nothing else to find, try Host header injection SSRF to access the admin panel: 192.168.0.x or localhost:TBF
4. Don't be in a hurry; read the error output completely.
5. In insecure deserialisation, use CyberChef, always use wget/curl to see if it hits the collaborator, and the right payload might give `java.io.StreamCorruptedException`.
6. There is only one active user per application.
7. If SSRF, try localhost:6566 (try first in the Host or Referer header and then move on).
8. SSRF: stockApi=http://127.1/%25%36%31dmin : here we have double encoded the character `a` to bypass validation.
9. You can use ChatGPT to understand the code in case of DOM XSS.
10. XSS: try encoding into HTML, hex or HTML-hex to bypass the firewall.
Important Links
1. Keep it handy 1: https://github.com/botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study?tab=readme-ov-file#reflected-string-xss
2. Keep it handy 2: https://github.com/DingyShark/BurpSuiteCertifiedPractitioner#insecure-deserialization
3. CyberChef: https://gchq.github.io/CyberChef/#recipe=URL_Encode(true)&input=KCk
4. Ruby Compiler For Deserialisation Attack: https://onecompiler.com/ruby/428epcnus
5. Hex To Decimal & Vice Versa (HTTP Request Smuggling): https://coolconversion.com/math/binary-octal-hexa-decimal/How-to-Convert_hex__5C_in_decimal_%3F
6. XSS Cheatsheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
7. SQL Injection Cheatsheet: https://portswigger.net/web-security/sql-injection/cheat-sheet
8. PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection
9. HackTricks: https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection