Hey friend 👋,
Holy cow, January moooooooved by us fast! 🐮
Hard to believe it's already February. Time for our month in review. I combined it with this week's newsletter so you didn't get too many emails from me.
I started 2023 looking at how to improve your approach to API hacking in the new year:
- I gave you a list of online training courses and cyber ranges you can use to improve your API hacking tradecraft.
- I provided you with a list of five simple questions to make your API pentest more successful.
- I released a Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite. I even gave you a sample plugin extension that can detect predictable GUIDs that you might be able to exploit.
- I wrote about why you should never trust PoC exploits on GitHub, and gave some advice on how to be safe when executing them.
- I showed you how to use a Flipper Zero to access API source code on IoT devices through its serial UART hardware interface.
This week's article
As 2022 was coming to a close, I saw several people in my circle of influence starting to burn out. I could see and hear the signs of imposter syndrome creeping in. Ya, it's a thing.
Then this month I started seeing it more in the general hacking community. So I decided to write an article to help you learn how to identify and embrace imposter syndrome. I hope it helps.
If you are struggling and have no one to talk to, hit reply. I'll listen.
Are you at BlueHat this week?
This week I am participating in Microsoft's BlueHat security conference. If you are attending, come up and say hello. Let's grab a coffee or beer. 🍻
I hope to have a few early copies of Adam's latest threat modeling book "Threats: What Every Engineer Should Learn from Star Wars" available. The first person who comes up to me at BlueHat and mentions they read about it in this newsletter gets a copy. If you aren't coming to BlueHat, but are in the Seattle area, you can go to the book launch and signing party tonight (Feb 7th) at Ada's Technical Books.
May the source be with you, 💫
You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).
🧠 I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading. 🙏
⏩ Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!
👋 Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.