Ivy Owusu’s cybersecurity internship at AmaliTech provided hands-on experience in web app vulnerability testing, API security, OSINT, Linux CLI, CTF challenges, and JWT decoding. Key tools included Burp Suite, SpiderFoot, and TryHackMe.
You Should Know:
1. Web App Vulnerability Testing with Burp Suite
- Intercepting Requests:
```bash
# Start Burp Suite proxy (default port 8080)
java -jar burpsuite_pro.jar
```
- Scanning for SQLi/XSS:
Use Burp Scanner or manual payloads like:
```
' OR 1=1-- -
<script>alert(1)</script>
```
2. OSINT with SpiderFoot
- Install & Run:
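```bash
git clone https://github.com/smicallef/spiderfoot.git
cd spiderfoot
# Install the Python dependencies before the first run
pip3 install -r requirements.txt
# Start the web UI on localhost port 5001
python3 sf.py -l 127.0.0.1:5001
```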
- Scan a Domain:
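```bash
# Select modules with -m; the -t flag expects SpiderFoot event type names such as EMAILADDR
python3 sf.py -s example.com -m sfp_dnsresolve,sfp_whois,sfp_email
```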
3. Linux CLI for Pentesting
- Network Recon:
```bash
nmap -sV -A target.com
```
- File Analysis:
```bash
strings suspicious_file | grep "password"
```
4. Decoding JWTs
- Manual Decoding (Base64):
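```bash
# JWT segments are base64url-encoded: map '-' and '_' back to '+' and '/' before decoding.
# base64 -d still reports invalid input if the segment's stripped '=' padding is not restored.
echo "JWT_TOKEN_HERE" | awk -F '.' '{print $2}' | tr '_-' '/+' | base64 -d
```
- Using jq:
```bash
jwt decode "JWT_TOKEN_HERE" | jq
```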
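A fuller version of the manual decoding step, as an added example that is not part of the original post: it restores the base64url alphabet and the stripped padding, then reads the header's `alg` value. The function names and both sample tokens are constructed for illustration, and GNU `base64 -d` is assumed.

```bash
# Added example (not from the original post). Assumes GNU coreutils base64.
# Decoding shows what a token claims; it does not verify the signature.

# b64url_decode STR: decode one base64url segment (RFC 4648, section 5).
b64url_decode() (
  s=$(printf '%s' "$1" | tr '_-' '/+')  # URL-safe alphabet back to standard
  case $(( ${#s} % 4 )) in              # JWTs drop '=' padding; restore it
    2) s="$s==" ;;
    3) s="$s=" ;;
    1) exit 1 ;;                        # no valid base64 has this length
  esac
  printf '%s' "$s" | base64 -d
)

# jwt_part TOKEN N: print decoded segment N (1 = header, 2 = payload).
jwt_part() (
  n=$(printf '%s' "$1" | awk -F '.' '{print NF}')
  [ "$n" = 3 ] || exit 1                # compact form: header.payload.signature
  b64url_decode "$(printf '%s' "$1" | cut -d '.' -f "$2")"
)

# jwt_alg TOKEN: print the header's "alg" value.
jwt_alg() {
  jwt_part "$1" 1 | sed -n 's/.*"alg"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# jwt_is_unsigned TOKEN: succeed when the header declares alg "none" (any case),
# i.e. the token carries no signature for a verifier to check.
jwt_is_unsigned() {
  [ "$(jwt_alg "$1" | tr 'A-Z' 'a-z')" = "none" ]
}

# Constructed sample tokens. The third segment of SAMPLE_JWT is a placeholder,
# not a real MAC; UNSIGNED_JWT has an empty signature segment.
SAMPLE_JWT='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.c2lnbmF0dXJl'
UNSIGNED_JWT='eyJhbGciOiJub25lIn0.eyJzdWIiOiIxMjM0NTY3ODkwIn0.'

for t in "$SAMPLE_JWT" "$UNSIGNED_JWT"; do
  jwt_part "$t" 1; echo
  jwt_part "$t" 2; echo
  if jwt_is_unsigned "$t"; then echo "=> alg none: reject"; else echo "=> alg $(jwt_alg "$t")"; fi
done
```

A token that decodes cleanly is still untrusted input until its signature has been verified against the expected key and algorithm.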
5. TryHackMe CTF Commands
- SSH into Machines:
```bash
ssh tryhackme@<IP> -p 2222
```
- Privilege Escalation:
```bash
sudo -l                          # Check sudo rights
find / -perm -4000 2>/dev/null   # Find SUID binaries
```
What Undercode Say:
Cybersecurity internships bridge theory and practice. Mastering tools like Burp Suite and SpiderFoot, combined with Linux commands (nmap, strings, jq), prepares you for real-world threats. Key takeaways:
– Automate scans but verify manually.
– Always document findings (use `tee` to log output).
– Practice CTFs on platforms like TryHackMe or Hack The Box.
Prediction:
As API and web app attacks rise, internships focusing on Burp Suite and OSINT tools will become critical for entry-level roles. Expect more AI-driven penetration testing tools by 2026.
Expected Output:
```bash
# Example: Logging nmap results
nmap -sV -oN scan_results.txt target.com
```
Reported By: Ivy Owusu – Hackers Feeds


