For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite. As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is.
Logan Diomedi and Burp Suite, Part 2, Pro Edition
Burp Suite is one of the many free tools available in Kali Linux. Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities. In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.
December 10th @ 5:30pm; This will be a virtual meeting
Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.
If you missed our February meeting, catch the replay here! Logan Diomedi’s Introduction to Burp Suite is now on the RISE YouTube channel. Special thanks to ABS Technology / ePlus for hosting this event!
We ran into a few issues with flight delays and technology – unfortunately our streaming and recording failed to save audio for this event so we do not have a video available. But RISE attendees pulled together to make this a great interactive meeting covering Hack the Box. If you weren’t able to make the event, keep reading for notes from the demonstrations. Special thanks to R&K Solutions for hosting this event.
One of the most asked about topics at RISE meetings is “How do I become a Red Teamer?” or “What skills do I need for penetration testing?” As the “opposition force” of IT security, Red Teams have long held the most visible and alluring jobs in the realm of InfoSec. Shrouded in mystery they are known for their advanced skills that can penetrate even the most diligent of defenses. The role requires a breadth of IT system and application knowledge but also depth in several areas to understand fundamentals of operation and how to thwart them. This sometimes poses a barrier to entry to the new InfoSec professional uncertain about how to approach the myriad skills needed for success in the role.