Edu Garcia
@egarme
Founder @bountysecurity. CTO at Divisual Project

👉 New on the blog: Programmatic Scanners in the Age of AI Agents Where AI actually fits in vulnerability scanning and where it doesn't. Cost, speed, reproducibility, hallucinations, and why the hybrid model makes sense today. bountysecurity.ai/blogs/news/pro…

Burp Bounty Pro v3.1.0 is out. New: AI Scanner. Sends each request to an LLM with structured context extracted from the response. The AI decides which profiles to launch automatically. A new option alongside Active Scan and Smart Scan, not a replacement.

Monday: the biggest update to Burp Bounty Pro since v3.0.0 → A new scanning option that picks its own targets → Everything else stays exactly the same → Full blog post explaining the thinking behind it bountysecurity.ai/pages/burp-bou…

A single quote returning 500 doesn't prove SQL injection. Could be anything. But single quote → 500, double quote → 200, triple quote → 500? That's a pattern. Multi-step profiles in Burp Bounty Pro let you chain these checks into one scan. Each step: own payload, own match.
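The quote-pattern chain in the post above, as an added example that is not Burp Bounty Pro's own code: a small multi-step profile evaluator in Python where each step carries its own payload and its own match condition, and the endpoint responders are constructed stand-ins, not real targets.

```python
# Added example (not Burp Bounty Pro's code): a minimal multi-step profile
# evaluator modelling the ' -> 500, " -> 200, ''' -> 500 chain.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Step:
    payload: str        # value injected into the tested parameter
    expect_status: int  # match condition for this step


@dataclass
class Profile:
    name: str
    steps: List[Step]


# Constructed profile reproducing the pattern from the post.
QUOTE_PATTERN = Profile(
    name="quote-pattern (constructed)",
    steps=[Step("'", 500), Step('"', 200), Step("'''", 500)],
)

Responder = Callable[[str], int]  # maps a payload to an HTTP status code


def run_profile(profile: Profile, send: Responder) -> Optional[Dict[str, int]]:
    """Run every step in order; report the observed statuses only if all match.

    A single non-matching step breaks the chain, so an endpoint that errors
    on any odd input never produces a finding.
    """
    observed: Dict[str, int] = {}
    for step in profile.steps:
        status = send(step.payload)
        observed[step.payload] = status
        if status != step.expect_status:
            return None  # chain broken: no finding reported
    return observed


# Hypothetical responders standing in for two kinds of endpoint.
def unbalanced_quote_endpoint(payload: str) -> int:
    # Errors only when the single quotes are unbalanced (odd count).
    return 500 if payload.count("'") % 2 == 1 else 200


def always_500_endpoint(payload: str) -> int:
    return 500  # fails on any unusual input; not quote-specific


if __name__ == "__main__":
    print(run_profile(QUOTE_PATTERN, unbalanced_quote_endpoint))
    print(run_profile(QUOTE_PATTERN, always_500_endpoint))
```

The second responder shows the point of chaining: a bare 500 on a single quote is not enough, because the double-quote step must still return 200 for the profile to report anything.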

🏆 Burp Bounty Lab is now officially listed in the @owasp Vulnerable Web Applications Directory. One week after launch. 🙌 100+ vulnerable endpoints. Free. Open source. 👉 burpbountylab.com 📋 vwad.owasp.org/app/#burp-boun…
#BugBounty #OWASP #Pentesting
🐛 We asked Burp Bounty Pro users: what's your best find? 🔴 Path traversal → server takeover 💀 🔴 SQLi → RCE chain 💉 🔴 Chained SSRF 🌐 🔴 HTTP Request Smuggling 📡 🔴 CVE-2021-41773 in prod 🐛 🔴 £5,000 bounty 💰 Real bugs. Real users. 🔥 Yours? 👇 #BurpBounty

🧠 Smart Scan in Burp Bounty Pro: 👁 Passive profile detects a technology 📋 Rule condition matches 🎯 Active profiles fire automatically WordPress detected? → WP CVE profiles 🔥 SQLi params found? → SQLi payloads only 💉 Spring Boot spotted? → Spring checks ⚡

Burp Bounty Pro 3.0 is here 🚀 The biggest update since launch — built from user feedback. Multi-step scanning, time-based detection, global variables, per-scan performance control, and a rebuilt engine. Here's what's new 🧵👇

🚀 Something big is coming! Introducing Burp Bounty Go, our new web security scanner built in Golang: ✅ Multi-step detection ✅ 10k+ req/sec distributed scans ✅ Minimal resource usage ✅ Integrated blind host Teaser ➡️ youtube.com/watch?v=KxKFMa… Launch: July 21st!

We present Eduardo Garcia as a newly confirmed speaker at EuskalHack Security Congress VIII with the talk "GBounty: Advancing Multi-Step Web Vulnerability Scanner" @egarme #ESCVIII #ponentes securitycongress.euskalhack.org/index_es.html#…

🚀 New release of GBounty Profiles v1.4.0!🚀 Multiple improvements across 30+ profiles including enhanced GraphQL, optimized SQLi/XSS/RCE detection, refined Blind vulnerabilities & updated Log4j/SSRF modules. Update now: $ gbounty --update-profiles github.com/BountySecurity…

🚀✨ Proud to sponsor WolvCTF 2025 from @WolvSec ! At @BountySecurity, we believe CTFs & cybersecurity events are key for learning, pushing boundaries & excelling in security. 🔹 Empowering the community 🔹 Fostering practical skills x.com/WolvSec/status…

🚀✨ Proud to sponsor ApoorvCTF 3.0 from @CsyClub_IIITK ! At @BountySecurity, we believe CTFs are key for learning, pushing boundaries & excelling in cybersecurity. 🔹 Empowering the community 🔹 Fostering practical skills

✨ New 𝐁𝐨𝐮𝐧𝐭𝐲 𝐏𝐫𝐨𝐦𝐩𝐭 v1.1.0: AI-powered open source Burp Suite extension now supports 𝐆𝐫𝐨𝐪 𝐂𝐥𝐨𝐮𝐝 AI! It leverages 𝐁𝐮𝐫𝐩 𝐀𝐈 & 𝐆𝐫𝐨𝐪 𝐂𝐥𝐨𝐮𝐝 to speed up security testing with custom prompts, HTTP tags & auto-generated issues. github.com/BountySecurity…

✨ Bounty Prompt: AI-Powered Open Source Burp Suite extension ✨ New blog post is out! Leveraging advanced AI tech via Burp AI, it supercharges your security testing by intelligently analyzing HTTP requests/responses. Read more 👉 bountysecurity.ai/blogs/news/bou…