Mastering Burp Suite Pro, 100% hands-on

"This is not a book about astronomy; rather, this is a book about telescopes" - PoC||GTFO Volume II

Cloud workstations

Students are provided, for the duration of the training, with their own dedicated Cloud-hosted workstation. These workstations are configured for remote access (SSH + VNC) and run the latest version of Burp Suite Pro (using a temporary license) along additional tools (like AutoChrome and sqlmap).


Every trainee goes through the main set, composed of nearly 100 challenges. Plenty of additional ones are available, depending on your speed, taste, skills and professional needs. No way to get bored!

Among the challenges available on our CTF platform: complex brute-force, data extraction, support of custom formats, automatic management of anti-CSRF tokens, WebSockets, weak cryptography, webhooks, NoSQL injections, authorizations bugs, aggressive disconnection, JWT-authenticated APIs, arbitrary Java deserialization, blind stored XSS, instrumented Java applications, strict workflows, etc.

Run your own instance

The challenges are hosted in a Docker infrastructure which is made available to all trainees right after the training session.

It’s super easy to use: install Docker Compose, clone a private Git repository, run a few commands and enjoy your local copy of the challenges (one year of updates included).

Video and text interactions

Live sessions are streamed over Zoom, with a private Discord server acting as a companion tool. We recommend using the Discord and Zoom clients, as they provide more features than the corresponding Web apps.

Questions may be asked during the stream (as specific time intervals) and over Discord (at any time). Debugging is usually done over Discord (text and screenshots), with direct VNC access to students’ workstations also being an option.