Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!
The API Hacker's Month in Review - Jan 2023 🐮 🍺
Hey friend 👋,
Holy cow, January moooooooved by us fast! 🐮
Hard to believe it's already February. Time for our month in review. I combined it with this week's newsletter so you didn't get too many emails from me.
Latest Articles
I started 2023 looking at how to improve your approach to API hacking in the new year:
- I gave you a list of online training courses and cyber ranges you can use to improve your API hacking tradecraft.
- I provided you with a list of five simple questions to make your API pentest more successful.
- I released a Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite. I even gave you a sample plugin extension that can detect predictable GUIDs that you might be able to exploit.
- I wrote about why you should never trust PoC exploits on GitHub, and gave some advice on how to be safe when executing them.
- I showed you how to use a Flipper Zero to access API source code on IoT devices through its serial UART hardware interface.
This week's article
As 2022 was coming to a close, I saw several people in my circle of influence starting to burn out. I could see and hear the signs of imposter syndrome creeping in. Ya, it's a thing.
Then this month I started seeing it more in the general hacking community. So I decided to write an article to help you learn how to identify and embrace imposter syndrome. I hope it helps.
| READ THE ARTICLE |
If you are struggling and have no one to talk to, hit reply. I'll listen.
Are you at BlueHat this week?
This week I am participating in Microsoft's BlueHat security conference. If you are attending, come up and say hello. Let's grab a coffee or beer. 🍻
I hope to have a few early copies of Adam's latest threat modeling book "Threats: What Every Engineer Should Learn from Star Wars" available. The first person who comes up to me at BlueHat and mentions you read about it in this newsletter gets a copy. If you aren't coming to BlueHat, but are in the Seattle area, you can go to the book launch and signing party tonight (Feb 7th) at Ada's Technical Books.
May the source be with you, 💫
Dana
You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).
🧠 I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading. 🙏
⏩ Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!
👋 Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.
😈 The API Hacker Inner Circle
Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!
Hey friend 👋, WTF, where did June go? I swear I blinked, and it was gone. Apologies for this newsletter not arriving yesterday. It was Canada Day, and I was out being loud and proud. (Sorry... couldn't resist. 🇨🇦) In all honesty, I was sitting quietly eating cookies and catching up on some reading. And not some funky flavour of Oreos (albeit they have some great Maple Cream Oreos out there), but some patriotic Maple Leaf Peek Freans. IYKYK. Canadians prefer Birthday cookies (or Nanaimo bars...
Hey friend 👋, Wow, did May go by fast. I think these months need to start getting rate-limited so I can actually keep up. I have to admit though, members of the inner circle have kept me going. First, Stephen sent me this... I got a chuckle from that. And then Viktor shared with me a new flavor he came across... WTF? Who would eat that? I'm all for hacking late at night with a plate of cookies, but damn. Silliness aside, the last thing we want is kids seeing that. You just never know these...
Hey friend 👋, April has been a bit intense. Ya, it started with jokers putting toothpaste in our Oreos. 🤢 It ended with some well-deserved R&R on the beaches of the West Coast of Vancouver Island. I can't complain too much; I mean, I was also introduced to Churro Oreos... I can't believe these are a thing... ... and it ended with long walks along the beach... Walking along Cox Bay for a week isn't a bad way to decompress... While I was away, I got to finish reading Pegasus: How a Spy in Your...