Here's a long thread complementing my interview with @NahamSec. Feel free to skip it...
First, of course, a link to the interview
Books I cherished in the early days: "Building Internet Firewalls" and "The Web Application Hacker's Handbook"
English-speaking video of my 2015 talk on SSRF (the one which changed Naffy's view on hacking):
And a French version of the same talk (with more jokes!!), given at @hackfest_ca
How to select a subject: try dozens of them (for example on @WebSecAcademy labs) and keep the ones that really got you intellectually excited
How to reach the (public) "state of the art": select a subject, read/watch all the good stuff on it, replicate at home, then battle-test your skills on real targets
How to find innovative stuff: reach the state of the art and continue exploring (possibly because known techniques don't work on your targets), either in depth or in width
One of my first workshops on Burp Suite (2013 - in French - image quality is awful)
My latest blog post on Burp Suite: how to deal with CSRF tokens in Intruder, without macros https://www.agarri.fr/blog/archives/2020/01/13/intruder_and_csrf-protected_form_without_macros/index.html
An older blog entry, where I exploit a blind XSS with only Burp Suite https://www.agarri.fr/blog/archives/2017/04/04/exploiting_a_blind_xss_using_burp_suite/index.html
Last one: exploiting WPAD with Burp Suite and a custom extension, for example during internal pentests https://www.agarri.fr/blog/archives/2013/10/22/exploiting_wpad_with_burp_suite_and_the_http_injector_extension/index.html
Burp Suite extensions I recommend (in no specific order): AutoRepeater, Content Type Converter, Param Miner, Request Minimizer, Backslash Powered Scanner, ActiveScan++, Taborator, Paramalyzer, Upload Scanner, Hackvertor, Piper, Request Timer, Logger++, Add Custom Header
One way to optimize your Burp Suite workflow: learn keyboard shortcuts and combine them (any idea what Ctrl-R + Ctrl-Shift-R + Control-Space will do?)
A second way, shortening feedback loops: use macros and session handling rules to automate common scenarios, like injecting in page A and looking at the response of page B
My favorite French expression is "La putain de sa mère !"
One single piece of advice for newcomers and future hackers: you have only one reputation. Take care of it, that will maximize your opportunities.
I'll give an online Burp Suite Pro training in early August, with my great assistant @AbyXss https://ringzer0.training/mastering-burp-suite-pro.html
My "HTTP Traceroute" tool and research from 2011 (apparently still useful, according to the stream's chat) https://www.agarri.fr/blog/archives/2011/11/12/traceroute-like_http_scanner/index.html
Quoting myself: "In order to do new research, you don't need a new subject!"
That's all folks! #TheEnd
You can follow @Agarri_FR.