Categories
2022
[Cullinan #34] Add XS-Leaks, Update Git/OAST
![Featured image of post [Cullinan #34] Add XS-Leaks, Update Git/OAST](https://user-images.githubusercontent.com/13212227/138865144-7ecaf630-da1b-40f4-b507-b6c9863a3fe1.jpg)
ZAP Bookmarklet for Speed up
XS-Leaks
PyScript์ Security ๐๐ก
ZAP HTTP Sessions๋ฅผ ํตํด ๊ฐํธํ๊ฒ ์ธ์ ๊ธฐ๋ฐ ํ ์คํ ํ๊ธฐ
[Cullinan #33] Add PP/IDOR/Type Juggling and SAML Injection ๐ช
![Featured image of post [Cullinan #33] Add PP/IDOR/Type Juggling and SAML Injection ๐ช](https://user-images.githubusercontent.com/13212227/103483028-d211b900-4e27-11eb-8af2-0c2cbaed2fd8.jpg)
SAML Injection
Type Juggling (Loose Comparison Bug)
IDOR (Insecure Direct Object Reference)
Go์์ Stdin์ ๋ํ ํ ์คํธ ์ฝ๋ ์์ฑํ๊ธฐ
CSS Transition ๊ธฐ๋ฐ์ ontransitionend XSS
Metasploit ๋ฐ์ดํฐ๋ฅผ Httpx๋ก?
Prototype Pollution
[Cullinan #32] Add SSE and Kiterunner!
Kiterunner
SSE(Server Sent Event)
ZAP HUNT Remix
[Cullinan #31] Add Six, Update Two ๐ชด
Brute Force
Context Technology๋ก ZAP ์ค์บ ์๋ ์ฌ๋ฆฌ๊ธฐ
LaTex Injection
Permissions-Policy ํค๋๋ก ์กฐ๊ธ ๋ ์์ ํ๊ฒ Browser API ์ฌ์ฉํ๊ธฐ
XSHM (Cross Site History Manipulation)
Log Injection
Threat Modeling
Spring4Shell RCE ์ทจ์ฝ์ (CVE-2022-22965)
OAST (Out-of-band Application Security Testing)
ZAP Structural Modifier
Ajax Spidering ์ ๋ธ๋ผ์ฐ์ ์์ง ๋ณ ์ฑ๋ฅ ๋น๊ต ๐
Cullinan
[Cullinan #30] Add ReDOS and Regex Injection
Regex Injection
ReDOS (Regex DOS)
Security Crawl Maze์ ZAP
MyEnv := ZAP+Proxify+Burp
XSS Weakness(JSON XSS) to Valid XSS
[Cullinan #29] Update 3 Pages
Bye๐๐ผ XSS Auditor (X-XSS-Protection)
HAR(HTTP Archive format) ํฌ๋งท๊ณผ ์์ผ๋ก์ ๊ฐ๋ฐ ๊ณํ
System Hardening์ ํผํด RCE๋ฅผ ํ์งํ๊ธฐ ์ํ OOB ๋ฐฉ๋ฒ๋ค
[Cullinan #28] Add RPO and SSJI
Data URI(data:) XSS v2
URL: prefix๋ฅผ ์ด์ฉํ์ฌ Deny-list ๊ธฐ๋ฐ Protocol ๊ฒ์ฆ ์ฐํํ๊ธฐ
Sequential Import Chaining์ ์ด์ฉํ CSS ๊ธฐ๋ฐ ๋ฐ์ดํฐ ํ์ทจ
Server-Side Javascript Injection (SSJI)
Relative Path Overwrite (RPO)
Attack Surface Detector๋ฅผ ์ด์ฉํด ์์ค์ฝ๋์์ Endpoint ์ฐพ๊ธฐ
Golang Logrus์์ Channel hook ๋ง๋ค๊ธฐ
panic: send on closed channel - ์ฑ๋์ ์ ๋ซ์ ๐ต๐ผโโ๏ธ
[Cullinan #27] Improve cullinan and Added more..
Insecure Deserialization
OWASP ZAP
๊ณง Chrome์์ document.domain์ ์ค์ ํ ์ ์์ต๋๋ค โ ๏ธ
ZAP์ ์๋ก์ด Networking Stack
Custom Payloads๋ก ZAP ์ค์บ๋ ๊ฐํ ๐
Paragraph Separator(U+2029) XSS
๊ฐ๋ฐ์๋ง? ์๋ ์ฐ๋ฆฌ๋ ์คํฌ๋์น ํจ๋ ํ์ํด! Boop!
[Cullinan #26] Add XXE (XML External Entity)
ZAP vs Burpsuite in my mind at 2022
XXE (XML External Entity)
Authz0 v1.1 Released ๐
Chrome์์ ์ด์ open ์์ฑ์์ด <details> XSS๊ฐ ๊ฐ๋ฅํฉ๋๋ค.
์๋ Authz0, Authorization ํ ์คํธ๋ฅผ ์ํ ์๋ก์ด ๋๊ตฌ ๐
Zest์ ZAP! ๊ฐ๋ ฅํ ๋ณด์ ํ ์คํธ ๋ฃจํด์ ๋ง๋ค์ด๋ด์ โก๏ธ
[Cullinan #25] ์์ผ๋ก์ ๊ณํ
Vscode์ ์ ์ฉํ Extensions
2021
๋์ ๋ฉ์ธ Weapon ์ด์ผ๊ธฐ โ๏ธ (ZAP and Proxify)
๊ฐ์์ค๋ฝ๊ฒ kubectl not found๊ฐ ๋ฐ์ํ๋ค๋ฉด ๐ซ
Log4 2.17 JDBCAppender RCE(CVE-2021-44832)
ZAP์ ์๋ก์ด Import/Export Addon, ๊ทธ๋ฆฌ๊ณ ๋ฏธ๋์ ๋ํ ๋ํผ์
Web Cache ์ทจ์ฝ์ ๋ค์ ์ค์บ๋ํ์ ๐ญ
Dalfox 2.7 Released ๐
ZAP๊ณผ Burpsuite์์ feedback ์ ๋ณด๋ฅผ ์์งํ์ง ๋ชปํ๋๋ก ์ ํํ๊ธฐ
[Cullinan #24] Add ESI Injection and Update Others
ESI(Edge Side Include) Injection
Private OOB ํ ์คํ ์ ์ํ Self Hosted Interactsh
Log4shell ์ ์ธ๊ณ์ ์ธํฐ๋ท์ด ๋ถํ๊ณ ์์ต๋๋ค ๐ฅ (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)
์น ํด์ปค๋ฅผ ์ํ Browser Addons
ZAP RootCA๋ฅผ API์ Cli-Arguments๋ก ์ ์ดํ๊ธฐ
DOM XSS? ๊ทธ๋ ๋ค๋ฉด Eval Villain
Go์์ HTTP gzip response ์ฒ๋ฆฌํ๊ธฐ
ZAP Browser์์ Extension ์๊ตฌ ์ ์ฉํ๊ธฐ
ZAP ์คํฌ๋ฆฝํ ์ผ๋ก ๋น ๋ฅด๊ฒ Fake response ๋ง๋ค๊ธฐ
[Cullinan #23] Add SSTI, CSTI and update XSS
Client-Side Template Injection (CSTI)
Server-Side Template Injection (SSTI)
[Cullinan #22] Add Cache Deception and Dependency Confusion
Dependency Confusion
Web Cache Deception
Dalfox 2.6 Released ๐
Hugo aliases์์ noindex๋ก ์ธํ SEO ๋ฌธ์ ํด๊ฒฐํ๊ธฐ
pkg.go.dev์ go ํจํค์ง ์ฆ์ ์ ๋ฐ์ดํธํ๊ธฐ
Kubernetes ingress์์์ 413 ์๋ฌ ํด๊ฒฐ ๋ฐฉ๋ฒ
Solving issue the POST scan in zap-cli not work
Github repo ๋ด Languages ๋ณ๊ฒฝํ๊ธฐ (.gitattributes)
Go์์ ์์ฃผ ํฐ JSON ํ์ผ์ ํธ๋ค๋งํ๊ธฐ
Go์์ http.Request/http.Response๋ฅผ Raw String์ผ๋ก ๋ง๋ค๊ธฐ
[Cullinan #21] Add RFD(Remote File Download)
RFD (Remote File Download)
[Cullinan #20] LDAP Injection, ClickJacking, Cache Poisoning ๊ทธ๋ฆฌ๊ณ ๊ฐ์ ์ฌํญ
Web Cache Poisoning
Click Jacking
History of OWASP TOP 10
LDAP Injection
New technic of HTTP Request Smuggling (chunked extension)
[Cullinan #19] Add SQLi and Cookie Bomb
Cookie Bomb Attack
SQL Injection
Amass + Scripting = ์ต๊ณ ์ ์๋ธ๋๋ฉ์ธ ํ์
ZAP 2.11์ด ๋ฆด๋ฆฌ์ฆ๋์์ต๋๋ค! ๋น ๋ฅด๊ฒ ๋ฆฌ๋ทฐํ์ฃ โก๏ธ
403 forbidden์ ์ฐํํ๋ 4๊ฐ์ง ๋ฐฉ๋ฒ๋ค
Cullinan 18 XST and DOM Clobbering
DOM Clobbering
XST (Cross-Site Tracing)
์ด์ Interact.sh ๊ฐ ZAP OAST์์ ์ง์๋ฉ๋๋ค
ZAP update domains (core and addon)
[Cullinan #17] JWT ์ถ๊ฐ ๋ฐ CSRF ๋ด Bypass Method ์ถ๊ฐ
go executable app, ์ด์ go install๋ก ์ค์นํ์ธ์!
Goreleaser์์ M1, Windows ARM64 ์ง์ํ๊ธฐ
ZAP 2.11 ๋ฏธ๋ฆฌ๋ณด๊ธฐ
JWT (JSON Web Token)
Dalfox 2.5 Released ๐
Asciinema Shortcode in Hugo
Hugo์์ Sitemap-index ์ฌ์ฉํ๊ธฐ(split sitemap)
[Cullinan #16] ZIP-Slip and HPP
HTTP Parameter Pollution (HPP)
Zip Slip
ZAP Script-base Authentication
ZAP์ fuzz-script๋ฅผ ์ด์ฉํด Fuzzing ์คํฌ ์ฌ๋ฆฌ๊ธฐ
[Cullinan #15] Add Open Redirect and Command Injection
![Featured image of post [Cullinan #15] Add Open Redirect and Command Injection](https://user-images.githubusercontent.com/13212227/115985973-29ab7e80-a5e9-11eb-8766-5c0d96997250.jpg)
Command Injection
Open Redirect
OWASP TOP 10 2021 ๋ฆฌ๋ทฐ
[Cullinan #14] Path Traversal and OWASP TOP 10 2021
Path Traversal (Directory traversal)
Authentication Spidering in ZAP
[Cullinan #13] Add CSV Injection and CRLF Injection
CSV Injection
CRLF Injection
Testing Access-Control with ZAP
[Cullinan #12] Add JSON/JSONP Hijacking
JSONP Hijacking
JSON Hijacking
Github action ์ฑ๊ณต ์ ๋ค๋ฅธ action ์คํํ๊ธฐ
ZAP์ ๊ณง ์ถ๊ฐ๋ FileUpload AddOn ์ดํด๋ณด๊ธฐ
Cache Busting๊ณผ ๋ณด์ ํ ์คํ
git subtree๋ฅผ ์ด์ฉํด github pages์ ๋ฐฐํฌํ๊ธฐ
Macos์์ LISTEN ์ค์ธ ํฌํธ์ ํ๋ก์ธ์ค ์ฝ๊ฒ ํ์ธํ๊ธฐ
[Cullinan #11] Add CSRF and SSRF
CSWSH (Cross-Site WebSocket Hijacking)
Hugo Shortcodes
Regular Expression (Regex)
Amass
SQLMap
Hugo Archetypes์ ์ด์ฉํ ๊ธ Template ์ฌ์ฉํ๊ธฐ
Goroutine๊ณผ Sync
ZAP Automation GUI
Html to Markdown in Cli
Utterances์์ ๋๊ธ ์ด๋ํ๊ธฐ
Jekyll์์ Hugo๋ก ์ด์ฌ๊ฐ๊ธฐ (Migration log)
Websocket Connection Smuggling (WCS)
SSRF (Server-Side Request Forgery)
COOP (Cross-Origin-Opener-Policy)
Reverse Tabnabbing
Parallel
Nmap
H2C Smuggling
Git command
XSS (Cross-Site Scripting)
CSRF (Cross-Site Request Forgery)
Axiom
Golang์ nil๊ณผ interface nil์ ์ฌ๋ฏธ์๋ ํน์ง
If you need test Out-of-band on ZAP? Use OAST!
ZAP OAST ๋ฆด๋ฆฌ์ฆ! ์ด์ ZAP์์ Out-Of-Band๊ฐ ๋ ์ฌ์์ง๋๋ค ๐
COOP์ Site Isolation, ์๊ณ ์์ด์ผ ํ ๊ตฌ๊ธ ๋ณด์ ์ ์ฑ ์ ๋ณํ
25 Keywords in Go
go-jwt์ golang-jwt/jwt
Ruby์ Google Indexing API๋ฅผ ์ด์ฉํ์ฌ ์๋์ผ๋ก ์ ๊ทURL ๋ฑ๋กํ๊ธฐ
[Faraday#2] Dispatcher๋ฅผ ์ด์ฉํ Scanning CI
![Featured image of post [Faraday#2] Dispatcher๋ฅผ ์ด์ฉํ Scanning CI](https://user-images.githubusercontent.com/13212227/126073247-e4bdd48e-d34f-47ec-b07f-706eab93ec06.jpg)
[Faraday#1] Penetration testing IDE!
![Featured image of post [Faraday#1] Penetration testing IDE!](https://user-images.githubusercontent.com/13212227/126057694-45ffca37-09db-4ee5-92f3-38944b54818b.jpg)
Github default branch ๋ณ๊ฒฝํ๊ธฐ (master to main)
k8s livenessProbe๋ฅผ ์ด์ฉํ self-healing
ffmpeg๋ฅผ ์ด์ฉํ์ฌ macos์์ ๋์์์ gif๋ก ๋ณํํ๊ธฐ (transcoding)
ZAP OAST ๋ฏธ๋ฆฌ ๊ตฌ๊ฒฝํ๊ธฐ (for OOB)
[Cullinan #10] Update contents and Added Cut Image
![Featured image of post [Cullinan #10] Update contents and Added Cut Image](https://user-images.githubusercontent.com/13212227/125482539-804b126d-0fcd-4450-85ed-48c38269c78d.jpg)
Go์์ ์๋์ผ๋ก ํ ์คํธ ์ฝ๋ ์์ฑํ๊ธฐ(with gotests)
rvm is not a function ์๋ฌ ํด๊ฒฐํ๊ธฐ
[Cullinan #9] Added history of owasp top 10
![Featured image of post [Cullinan #9] Added history of owasp top 10](https://user-images.githubusercontent.com/13212227/124631998-e1e58500-debe-11eb-8d2c-756f538c0c47.jpg)
ZAP Plug-n-Hack์ ์ด์ฉํ DOM/PostMessage ๋ถ์
Cross-origin iframe์์ alert๊ณผ confirm, prompt ์ฌ์ฉ ๋ถ๊ฐ
ZAP Scanning to Swagger Documents
MacOS, Linux์์ ํ์ฌ ์ ํ์ธํ๊ธฐ
Chrome lighthouse๋ฅผ ํตํ ์น ํ์ด์ง ์ฑ๋ฅ ์ธก์
Customize request/response panel in ZAP
DOM Invader, BurpSuite์ DOM-XSS Testing ๋๊ตฌ
ZAP Passive Scan Tags์ Neonmarker ๊ทธ๋ฆฌ๊ณ Highlighter
ZAP์ ์๋ก์ด Report Add-on, 'Report Generation'
PDF ์ํธํ์ User-password ๊ทธ๋ฆฌ๊ณ Owner-password
PDF ํ์ผ Password Crack
ZAP Automation
ZAP Token Generation and Analysis ์ดํด๋ณด๊ธฐ
Bypass host validation with Parameter Pollution
Options rule configuration in ZAP
Dalfox 2.4 release! review with me!
GOPRIVATE์ ํตํด ๊ฐ์ธ/์ฌ์ค ๋๋ฉ์ธ์์ go get ํ๊ธฐ(Gitlab, Github enterprise)
CSS Injection Bypassing Trick (with dashdash and var)
Obsidian, Cool markdown editor
[Phoenix #5] Fixed bug in CSRF Payload Generator
![Featured image of post [Phoenix #5] Fixed bug in CSRF Payload Generator](https://user-images.githubusercontent.com/13212227/119525192-42aa7980-bdb9-11eb-8200-c18349ec2121.jpg)
DCO and Github Sign-off Commit
[Cullinan #8] Update reverse tabnabbing (browser's patched)
![Featured image of post [Cullinan #8] Update reverse tabnabbing (browser's patched)](https://user-images.githubusercontent.com/13212227/93096089-ebf38880-f6de-11ea-8d7f-2f50e34c407a.jpg)
The reverse tabnabbing has weakened more
Rails mimemagic 0.3.5 could not be found ์๋ฌ ํด๊ฒฐ, ๊ทธ ์ด๋ฉด
Import remote JS in IMG tag. for bypass XSS
Secure JWT and Slinding Sessions
OOB Testing with interactsh!
[Cullinan #7] Add terms of security page
Get webpage screenshot with gowitness for CICD
[Learn ML #1] ์ด์ ๋ถํฐ ๋จธ์ ๋ฌ๋(Machine Learning)๋ ๊ณต๋ถํฉ๋๋ค ๐
![Featured image of post [Learn ML #1] ์ด์ ๋ถํฐ ๋จธ์ ๋ฌ๋(Machine Learning)๋ ๊ณต๋ถํฉ๋๋ค ๐](https://user-images.githubusercontent.com/13212227/115988274-ce32be00-a5f3-11eb-810c-ff3fcc92193c.jpg)
RCE with exposed k8s api
[Cullinan #6] Add reverse tabnabbing
![Featured image of post [Cullinan #6] Add reverse tabnabbing](https://user-images.githubusercontent.com/13212227/114058017-0f299380-98ce-11eb-9507-f0717979f200.jpg)
OpenData for bug-bounty
ZAP context based scanning
[Phoenix #4] Fixed bug in session entropy page
![Featured image of post [Phoenix #4] Fixed bug in session entropy page](https://user-images.githubusercontent.com/13212227/112178190-eef6a500-8c3c-11eb-9da2-820de2542126.jpg)
well-known ๋๋ ํ ๋ฆฌ์ securty.txt ๊ทธ๋ฆฌ๊ณ humans.txt
How to set ZAP active scan input vector in daemon mode
[Phoenix #3] Update session entropy page
![Featured image of post [Phoenix #3] Update session entropy page](https://user-images.githubusercontent.com/13212227/104891645-9264d880-59b4-11eb-9c93-81fdf978fd25.jpg)
Make and change default scan policy in ZAP cli interface
ZAP Forced browse ์ Fuzz์์ Sync wordlist ์ฌ์ฉํ๊ธฐ
Openssl๋ง ์ฌ์ฉํ์ฌ ์น ์ฌ์ดํธ์์ ์ง์ํ๋ SSL cipher suite ํ์ ํ๊ธฐ
Bump a go package version
Go flag์์ custom usage ๋ง๋ค๊ธฐ
gee released! tool of stdin to each files and stdout with more
Rails generate ์ ๋ฉ์ถ๋ ๊ฒฝ์ฐ ํด๊ฒฐ ๋ฐฉ๋ฒ
MacOS Atom์์ ์ด๋ชจ์ง ์ฌ์ฉ ๋ถ๊ฐ ๋ฒ๊ทธ ํด๊ฒฐํ๊ธฐ
Semi-automated security testing using Zest script of ZAP
dpkg-deb error paste subprocess was killed by signal ์๋ฌ ํด๊ฒฐํ๊ธฐ
Cli ํ๊ฒฝ์์ ์์ ์ ์ฝ๊ฒ ๊ด๋ฆฌํ์, Pueue!
How to share other device settings in Axiom
[Cullinan #5] Smuggling 3์ข ์ถ๊ฐ(http/ws/h2c)
![Featured image of post [Cullinan #5] Smuggling 3์ข
์ถ๊ฐ(http/ws/h2c)](https://user-images.githubusercontent.com/13212227/93625650-45c8bb00-fa1d-11ea-8596-b1c8f3df557d.jpg)
[Cullinan #4] Tool wiki ์ค git, parallel ์ถ๊ฐ
Git pull/merge ์ถฉ๋ ์ ๊ธฐ๋ณธ ์๋ํฐ ๋ณ๊ฒฝ, ์๋ํฐ ๋์ฐ์ง ์๊ธฐ
[Phoenix #2] Added change note
[Phoenix #1] Phoenix์ gist ๊ธฐ๋ฐ snippets๊ฐ ์ถ๊ฐ
![Featured image of post [Phoenix #1] Phoenix์ gist ๊ธฐ๋ฐ snippets๊ฐ ์ถ๊ฐ](https://user-images.githubusercontent.com/13212227/104891658-97298c80-59b4-11eb-9e8c-1174247a6103.jpg)
ํฐ๋ฏธ๋ ๊ฒฐ๊ณผ์ ์์์ ์ ํ์! GRC
[Cullinan #3] Added Axiom and Nmap Cheatsheet
![Featured image of post [Cullinan #3] Added Axiom and Nmap Cheatsheet](https://user-images.githubusercontent.com/13212227/104816824-e2328b00-5860-11eb-9b88-269f76bad22e.jpg)
HTTP Request Smuggling (HRS)
Autochrome - ๋น ๋ฅด๊ฒ ๋ณด์ ํ ์คํธ์ฉ ์น ๋ธ๋ผ์ฐ์ ํ๊ฒฝ์ ๊ตฌ์ฑํ์!
[Cullinan #2] Added change log
![Featured image of post [Cullinan #2] Added change log](https://user-images.githubusercontent.com/13212227/104103156-e51f0000-52e3-11eb-994f-77e819fd59ee.jpg)
How to applying IntelliJ theme in ZAP
Burp Customizer! Change your burpsuite theme
[Cullinan #1] ์ปฌ๋ฆฌ๋ ํ๋ก์ ํธ ์๊ฐ
Hack the browser extension ๐ (์น ๋ธ๋ผ์ฐ์ ํ์ฅ ๊ธฐ๋ฅ ์ทจ์ฝ์ ์ ๊ฒํ๊ธฐ)
2020
ToCToU๋ฅผ ์ด์ฉํ ๊ฒ์ฆ ๋ก์ง ์ฐํํ๊ธฐ(SSRF/OOB/XXE/ETC)
Pet๊ณผ Gist๋ฅผ ์ด์ฉํ Command snippet ๋๊ธฐํํ๊ธฐ
Security considerations for browser extensions
ZAP 2.10 Released ๐ Quick review
๋ด๊ฐ ์คํ ์์ค ํ๋ก์ ํธ๋ฅผ ์ํด ์ฌ์ฉํ๋ Github actions๊ณผ App
PKA ๊ธฐ๋ฐ ssh ํ๊ฒฝ์์ passphrase๋ฅผ ๋ฌป์ง ์๋๋ก ์ค์ ํ๊ธฐ
Why I Use ZAP
๋ฉํฐ ํด๋ผ์ฐ๋, ๋ณด์์ ๊ด์ ์์ ๋ฐ๋ผ๋ณด๊ธฐ
HTTPie, curl์ ๋์ฒดํ ๋งํ ๊ฐ๋ ฅํ http client
Make cloud base ZAP Scanning Environment Using github-action
Github 2FA ์ธ์ฆ ์ดํ Authentication Error ํด๊ฒฐํ๊ธฐ
Setup a Pentest environment with Axiom
Docker scratch image from a Security perspective
Github page(Jekyll) build speed up!
Building a ZAP Monitoring Environment (Grafana + InfluxDB + Statsd)
Jekyll feed.xml ์ต์ํํ๊ธฐ
workflow_dispatch๋ฅผ ์ด์ฉํ github action ์๋ ํธ๋ฆฌ๊ฑฐ
Docker multi-stage build๋ฅผ ํตํด ์ด๋ฏธ์ง ๊ฒฝ๋ํํ๊ธฐ
Forcing HTTP Redirect XSS
Amass, go deep in the sea with free APIs
์จ๋ฆฌ์ค(Alice)์ ๋ฐฅ(Bob) ๊ทธ๋ฆฌ๊ณ ์บ๋กค(Carol), ์ด๋ฆ์ ์๋ฏธ๋?
Use proxy in macos and pulse (with psproxy, for ZAP/Burp)
HTTP/2 H2C Smuggling
Future of the WebHackersWaepons
Scanning multiple targets in ZAP
CI for Automatic recon
Docker images and running commands of vulnerable web
Transient events for XSS(sendBeacon?!)
Jekyll์ Utterances ๋๊ธ ์ ์ฉํ๊ธฐ
Atom setting for jekyll(github.io page)
How to add custom header in ZAP and zap-cli
NMAP CheatSheet
Observe new subdomain using findomain + monitor flag (์ง์์ ์ผ๋ก ์๋ธ๋๋ฉ์ธ ๋ชจ๋ํฐ๋งํ๊ธฐ)
pet and hack-pet. managing command snippets for security testing
One custom certificate, Using all tools and your devices (for bug bounty/pentesting)
Bypassing string base XSS protection with Optional chaining
E-mail ํฌ๋งท์ ์ด์ฉํ ์ฌ๋ฌ๊ฐ์ง Exploiting ๊ธฐ๋ฒ๋ค (You've got email pwned korean review)
Setup bugbounty hunting env on termux :D
golang ์ดํ๋ฆฌ์ผ์ด์ self update ์ ์ฉํ๊ธฐ(github latest version ๊ธฐ๋ฐ)
Vulnerability of postMessage and postMesasge-tracker browser extension
Find reflected parameter on ZAP for XSS!
How to use DalFox's Fun Options (if found notify , custom grepping)
Go net/http์์ tls: no renegotiation error ํด๊ฒฐํ๊ธฐ
New my XSS scanning tool "DalFox" :D
How to import external spidering output to Burpsuite or ZAP
Asciinema ์์์ GIF๋ก ๋ณํํ๊ธฐ(How to convert asciinema to gif)
Recon using fzf and other tools. for bugbounty
How to solv "argument list too long: grep" error using grep
MacOS ์ธ๋ถ๋ชจ๋ํฐ ์ฐ๊ฒฐ ์ ์์ ๋ฌธ์ (๋ณด๋ผ์ํ๋ฉด?) ํด๊ฒฐ๋ฐฉ๋ฒ / Display Profile RGB ๋ชจ๋ ๊ฐ์ ์ค์
Ways to XSS without parentheses
Find S3 bucket takeover , S3 Misconfiguration using pipelining(s3reverse/meg/gf/s3scanner)
Recon with waybackmachine. For BugBounty!
Using the Flat Darcula theme(dark mode) in ZAP!!
Find testing point using tomnomnom's tool, for bugbounty!
XSpear 1.4 Released! Find XSS! (Supported HTML report now!)
First new XSS Payload of 2020(svg animate, onpointerrawupdate)
BurpSuite 2020.01 Release Review, Change HTTP Message Editor!
Metasploit์ ๋ชฉ์๋ฆฌ๊ฐ ๊ถ๊ธํ๋ค๋ฉด sounds ํ๋ฌ๊ทธ์ธ!
Metasploit์์ Database connection์ด ์์ฃผ ๋๊ธด๋ค๋ฉด?
Write Metasploit Module in Golang
theme-color๋ฅผ ์ด์ฉํ์ฌ ๋ชจ๋ฐ์ผ ํฌ๋กฌ ๋ธ๋ผ์ฐ์ ์์ toolbar ์์ญ ์์ ๋ฐ๊พธ๊ธฐ
Blogger์์ ์ฌ๊ทํจ์๋ฅผ ํตํด ์ ์ฒด ๊ธ ๋ฆฌ์คํธ ์ป์ด์ค๊ธฐ(for Archive page , JSONP API)
How to find important information in github(with gitrob)
SameSite=Lax๊ฐ Default๋ก? SameSite Cookie์ ๋ํด ์ ํํ๊ฒ ์์๋ณด๊ธฐ
JSON Hijacking, SOP Bypass Technic with Cache-Control
Stepper! Evolution repeater on Burp suite
Three my goals for 2020
2019
XSpear 1.3 version released!
BurpSuite์์ Request ์ ๋ณด๋ฅผ ํฌํจํ์ฌ CLI ์ฑ ์คํํ๊ธฐ)
Test with GoBuster! (Powerful bruteforcing tool of golang)
Terminal์์์ golang ๊ฐ๋ฐ์ ์ํ vim-go ์ธํ ํ๊ธฐ
Burp Beautifier - Beautifying JSON/JS/HTML/XML In Burp Suite
๋งฅOS์ ๊ธฐ๋ณธ VNC Client ์ฌ์ฉํ๊ธฐ
Update golang 1.10 to 1.13 with update-golang(subfinder install error fix)
nq๋ฅผ ์ด์ฉํ command line queueing
Arachni scanner์์ Webhook์ผ๋ก Slack ์ฐ๋ํ๊ธฐ(Send msg to slack when arachni scan is complete)
How to find End-point URL in Javascript with LinkFinder
Easy command for find iOS Application directory on Jailed Device
MacOS์์ ํฐ๋ฏธ๋์ฑ์ด ์ฐจ๋จ๋ ๊ฒฝ์ฐ (Gatekeeper disable ํ๊ธฐ)
Two easy ways to get a list of scopes from a hackerone
Fixing a pip3 crash error after a Mac Catalina update
Check logic vulnerability point using GET/HEAD in Ruby on Rails
[๋ฃจ๋น์์ Go๋ก ๋์ด๊ฐ๊ธฐ] Revel์ ์ด์ฉํด MVC ์น ๊ตฌ์ฑํ๊ธฐ
![Featured image of post [๋ฃจ๋น์์ Go๋ก ๋์ด๊ฐ๊ธฐ] Revel์ ์ด์ฉํด MVC ์น ๊ตฌ์ฑํ๊ธฐ](https://1.bp.blogspot.com/-xw5ntAF7zYA/XdbCjHGU_LI/AAAAAAAAEqI/xnAl8RiMiFsJrU9_4h7g7uzGzQ3VyGPGQCLcBGAsYHQ/s1600/1413.png)
How to diable detectportal.firefox.com in firefox(enemy of burpsuite)
Mac ์ ๊ทธ๋ ์ด๋ ํ ๊ฐ๋ฐ ๊ด๋ จ ๋๊ตฌ ์๋ฌ(xcrun: error: invalid active developer path) ํด๊ฒฐ๋ฐฉ๋ฒ(xcode-select --install)
Burp suite using Tor network
Navigation with Embedded Browser on Burp suite 2.1.05(new releases)
Upgrade self XSS to Exploitable XSS an 3 Ways Technic
The scratchpad is deprecated from Firefox 72 version(์คํฌ๋์นํจ๋ ์ค๋จ...)
์น ์์ผ์ ์๋ก์ด ๊ณต๊ฒฉ ๊ธฐ๋ฒ! WebSocket Connection Smuggling ๐
PHP7 UnderFlow RCE Vulnerabliity(CVE-2019-11043) ๊ฐ๋จ ๋ถ์
CPDoS(Cache Poisoned Denial of Service) Attack for Korean
Find Subdomain Takeover with Amass + SubJack
Golang ์ผ๋ก ๋ง๋ ์น ์ดํ๋ฆฌ์ผ์ด์ Heroku์ ๋ฐฐํฌํ๊ธฐ
jwt-cracker๋ฅผ ์ด์ฉํ secret key crack
Bypass referer check logic for CSRF
New Technic of HTTP Desync Attack
If you find powerful OXML XXE tool? it's "DOCEM"
Normalized Stored XSS (\\xef\\xbc\\x9c => \\x3c)
How to Remove Unused JS/CSS with Browser developers tool
Path Traversal pattern of ../
Bypass host validation Technique in Android (Common+Golden+MyThink)
Rails์์ HTTP Basic Auth ์ ์ฉํ๊ธฐ(How to add HTTP basic auth on Rails)
OWASP Amass - DNS Enum/Network Mapping
Burp collaborator ์ธ์ฆ์ ์๋ฌ ํด๊ฒฐํ๊ธฐ(certificate error solution)
Burp suite pro ๊ตฌ๋งค๊ธฐ(for korean, ๊ฐ์ธ ์ฆ๋ช ๊ด๋ จ ๋ฌธ์ ์ฒ๋ฆฌ๋ฐฉ๋ฒ?)
Bypass blank,slash filter for XSS to simple trick (double-double ")
HTTP Desync Attack ์ ๋ํด ์์๋ณด์(HTTP Smuggling attack re-born, +My case)
onload*(start/end) event handler XSS(Any browser)
onpoint* XSS Payload for bypass blacklist base event-handler xss filter
JSONP Hijacking
Event handler for mobile used in XSS (ontouch*)
HTTP Request(ZAP, Burp) Parsing on Ruby code
Displaying cli base table at ruby application on terminal
XSS payload for escaping the string in JavaScript
ZAP Send to Any tools(+Send to Burp Scanner)
How to use SDCard directory in Termux(not rooted)
Run other application in ZAP ๐ฏ
OAuth ๊ณผ์ ์์ ๋ฐ์ํ ์ ์๋ ์ฌ๋ฏธ์๋ ์ธ์ฆํ ํฐ ํ์ทจ ์ทจ์ฝ์ (Chained Bugs to Leak Oauth Token) Review
XSS Payload without Anything
GraphQLmap - testing graphql endpoint for pentesting & bugbounty
Ruby on Rails Double-Tap ์ทจ์ฝ์ (CVE-2019-5418, CVE-2019-5420)
ZAP์์ Request/Respsponse ๊น๋ํ๊ฒ ๋ณด๊ธฐ
Finding in-page scripts & map files with javascript (very simple..)
Tap n Ghost Attack(ํญ ์ค ๊ณ ์คํธ) - ์๋ก์ด ๋ฌผ๋ฆฌ์ (?) ํดํน ๊ณต๊ฒฉ ๋ฒกํฐ
OWASP ZAP 2.8 Releases! ๋น ๋ฅด๊ฒ ๋ฆฌ๋ทฐํ๊ธฐ (what's different?)
Frequently used frida scripts and others..
Rails์์ Routing parameters(:action, :controller)์ ๋์ผํ ์ด๋ฆ์ ํ๋ผ๋ฏธํฐ ์ฒ๋ฆฌํ๊ธฐ
How to fuzzing with regex on ZAP Fuzzer
ZAP์์ ์ ๊ทํํ์์ ์ด์ฉํ์ฌ ์น ํผ์งํ๊ธฐ
Github Dark Theme with "stylus" add-on
Four XSS Payloads - Bypass the tag base protection
How to resolve duplicate mail transmission in Rails ActionMailer(์ค๋ณต ๋ฉ์ผ ์ ์ก ํด๊ฒฐ ๋ฐฉ๋ฒ)
Send Gmail using Rails ActionMailer Class (ActionMailer๋ฅผ ์ด์ฉํ์ฌ Gmail ์ ์กํ๊ธฐ)
How to pause/resume process on MacOS and Linux(Mac/Linux์์์ ํ๋ก์ธ์ค ์ผ์์ ์ง, ์ฌ ์์)
MacOS์์ ๋ง์ถค๋ฒ ์๋ ๊ต์ , ๋๋ธ์ฟผํ ์ด์ (๋ฐ์ดํ) ๋ณ๊ฒฝ๋์ง ์๋๋ก ํด์ ํ๊ธฐ
์นจํฌํ ์คํธ ์ฝ๊ฐ ์ ์ฉํ nmap NSE ์คํฌ๋ฆฝํธ 4๊ฐ์ง
Four nmap NSE scripts for penetration testing.
Rails App ์์ ์ ํน์ ์ฝ๋ ์คํํ๊ธฐ(How to startup code on Ruby on Rails with initialize)
Rails crono๋ฅผ ์ด์ฉํ์ฌ ์ค์ผ์ค๋งํ๊ธฐ(Scheduling with crono on Rails)
Rails์์ kaminari๋ฅผ ์ด์ฉํ์ฌ Pagination ๊ตฌํํ๊ธฐ(How to make pagination on rails(with kaminari)
Rails์์ SuckerPunch๋ฅผ ์ด์ฉํ ๋น๋๊ธฐ Thread ์ฒ๋ฆฌ(single-process Ruby asynchronous processing library)
AutoSource - Automated Source Code Review Framework Integrated With SonarQube
CVE-2019-11358๋ฅผ ํตํด Prototype Pollution์ ์์๋ณด์
๋ฃจ๋น์์ string-similarity๋ก ๋ฌธ์์ด ํผ์ผํธ๋ก ๋น๊ตํ๊ธฐ(Comparing string-similarity percent in Ruby)
Testing command(curl, wget, portscan, ssh) with Powershell
How to protect iframe XSS&XFS using sandbox attribute(+CSP)
[ Rails on Heroku ] ์์ฃผ ์ฌ์ฉํ๋ heroku ๋ช ๋ น์ด ์ ๋ฆฌ
[ Rails on Heroku ] ๊ฐ๋จํ ๋ฃจ๋น ๋ ์ผ์ฆ ์ฑ ๊ตฌ์ฑ ๋ฐ Heroku์ ๋ฐฐํฌํ๊ธฐ
[ Rails on Heroku ] Heroku๋? ๋น ๋ฅด๊ฒ ํ๊ฒฝ ๊ตฌ์ฑํ๊ธฐ
ZAP(Zed Attack Proxy)์ 4๊ฐ์ง ๋ชจ๋(Four modes of ZAP)
Jailbreak iOS Cydia ๋ด ์ค์น/์ ๋ฐ์ดํธ ์ gzip:iphoneos-arm ์๋ฌ ํด๊ฒฐ๋ฐฉ๋ฒ
Bypass XSS Protection with xmp/noscript/noframes/iframe
Metasploit์์ ์ปค์คํ ๋ฐฐ๋ ๋ง๋ค๊ธฐ
Access-Control-Allow-Origin๊ฐ wildcard(*)์ผ ๋ ์ ์ธ์ฆ ์ ๋ณด๋ฅผ ํฌํจํ ์์ฒญ์ ์คํจํ๋๊ฐ ๐ซ
robots.txt์ ๋ํด ์ ๋๋ก ์์๋ณด์. (What is robots.txt?)
MacOS์์ Proxy ์ค์ ํ๊ธฐ(for ZAP, BurpSuite)
ffmpeg๋ฅผ ์ด์ฉํ mp3 ํ์ผ metadata ์์ ํ๊ธฐ(Edit metadata in mp3 using ffmpeg)
Get cookie value in Javascript function
๐ฆ Brave Browser = ๋ณด์ + ์๋ + ์๋ก์ด ์๋
๋๋ฆฐ ZAP์ ๋น ๋ฅด๊ฒ ๋ง๋ค์! Zed Attack Proxy ์ต์ ํํ๊ธฐ
Metasploit-framework install & Setting on MacOS
Bypass domain check protection with data: for XSS
XSStrike geckodriver no such file error ํด๊ฒฐํ๊ธฐ
SQL Query for All Delete(Drop) TABLE
File content Disclosure & DOS Vulnerability in Action View of Ruby on Rails(CVE-2019-5418,CVE-2019-5419)
Seagate Personal Cloud์์ ssh ์ ์ํ๊ธฐ(Connect SSH on Seagate Personal Cloud)
Kage(GUI Base Metasploit Session Handler) Review
Swift code's Access Control(์ค์ํํธ์ ์ ๊ทผ์ ์ด)
iOS App์์ HTTP ํต์ ํ์ฉํ๊ธฐ(+App Trasport Security๋?)
Javascript Entity XSS์ ๋ํ ์ด์ผ๊ธฐ(oldโฆstyleโฆnot working)
์ฐ๋ถํฌ 18.04์์ OBS Studio ์ค์น ๋ฐ ์คํธ๋ฆฌ๋ฐ ํ๊ฒฝ ๊ตฌ์ฑ(+Android ํ๋ฉด ์ถ๋ ฅํ๊ธฐ)
XSS with style tag and onload event handler
Automation exploit with mad-metasploit (db_autopwn module)
Blogger์ ๋ชฉ์ฐจ ์๋์ผ๋ก ์ถ๊ฐํ๊ธฐ(Table of Contents on blogger)
postMessage XSS on HackerOne(by adac95) Review
Bypass SSRF Protection using HTTP Redirect
Compiler Bomb for Hacking and Security Testing
DOMAIN CNAME๊ณผ A Record๋ฅผ ์ด์ฉํ์ฌ SSRF ์ฐํํ๊ธฐ
ZAP๊ณผ BurpSuite์์์ "handshake alert: unrecognized_name" ์๋ฌ ํด๊ฒฐํ๊ธฐ
Custom Scheme API Path Tampering๊ณผ ํธ๋ฆญ์ ์ด์ฉํ API Method ๋ณ์กฐ
Jenkins RCE Vulnerability via NodeJS(using metasploit module)
MIME Types of script tag (for XSS)
Twitter Card on Google Blogger(๋ธ๋ก๊ฑฐ์ ํธ์ํฐ ์นด๋ ์ ์ฉํ๊ธฐ)
grep๊ณผ sed๋ฅผ ์ด์ฉํ ๋ค์ ํ์ผ ๋ด ๋ฌธ์์ด ์นํ
ClusterFuzz - scalable fuzzing infrastructure(On Google)
How to Re-Size Image in Blogger
How to Re-Size Video in Blogger Posts
editor.js - Simple Markdown Javascript Library
HarooPad - markdown ์๋ํฐ(to html view, to plain html)
AWS ์์ธ ๋ฆฌ์ ๋ด ์๋น์ค ๋๋ฉ์ธ, ์ ์ฒด ๋ฆฌ์ ์ ๋ณด(Domain of AWS Region)
๊ผญ ๋ด์ผํ Metasploit ์ฝํ ์ธ 4๊ฐ์ง
CSP(Content-Security-Policy) Bypass technique
APT package manager RCE(Bypass file signatures via CRLF Injection / CVE-2019-3462)
PHP Hidden webshell with carriage return(\r, hack trick)
Rails app์์ public ํ์ ํ์ผ์ ์ฝ์ด์ค์ง ๋ชปํ ๋(Rails not serving static files in public dir)
Task manager app with Ruby on Rails(ํ ์ผ ๊ด๋ฆฌ ๋๊ตฌ ๋ง๋ค๊ธฐ)
Docker Optimization and cleanup script (๋์ปค ์ต์ ํ ํ๊ธฐ ๐ณ)
Metasploit-framework 5.0 Review
Hashicorp Consul - RCE via Rexec (Metasploit modules)
apt-get ์ง์ ํ ํจํค์ง๋ง ์ ๊ทธ๋ ์ด๋ ํ๊ธฐ(Upgrade only specified packages)
PocSuite - PoC ์ฝ๋ ํ ์คํ ์ ์ฒด๊ณ์ ์ผ๋ก ์ฝ๊ฒ ํ์!
wget stores a file's origin URL vulnerability (CVE-2018-20483)
IntelliJ(RubyMine) ์๋ํฐ ์์ ์ด ๋ถํธํ ๋ฌธ์ (IdeaVim Plugin)
2018
Web Cache Poisoning Attack, ๋ค์ ์ฌ์กฐ๋ช ๋ฐ๋ค(with Header base XSS)
Ubuntu 18.04 Shutter Edit ์ฌ์ฉ ๋ถ๊ฐ ์ด์(Fixed disable edit)
ZAP Add-on before/from-version ๋ณ๊ฒฝํ์ฌ ์ค์นํ๊ธฐ(์ต์ ์ง์๋ฒ์ ์ผ๋ก ์ค์น ๋ถ๊ฐํ ๊ฒฝ์ฐ)
ZAP Java ๋ฒ์ ๋ฐ๊ฟ์น๊ธฐ(Change Java version for fixed ssl error on ZAP)
OWASP ZAP์ New interface! ZAP HUD ๐ฅฝ
Wordpress Post Type์ ์ด์ฉํ Privilege Escalation ์ทจ์ฝ์ (<= wordpress 5.0.0)
JSShell - interactive multi-user web based javascript shell
MacOS, iOS(iPhone, iPad) Devices ์์์ ๋ฉ๋ชจ๋ฆฌ ๋ณ์กฐ
Needle - iOS Application and Device ํดํน/๋ณด์ ๋ถ์ ํ๋ ์์ํฌ
Windcard(*) Attack on linux (์์ผ๋ ์นด๋๋ฅผ ์ด์ฉํ ๊ณต๊ฒฉ)
iOS 11.3(iPad mini2 ) Jailbraek with Electra(non-developer accouts)
unix timestamp 2038 ๋ฒ๊ทธ(Year 2038 problem)
Ubuntu Linux์์ Spectable(macOS App) ๊ฐ์ ์ฐฝ ์ ์ด ์ฌ์ฉํ๊ธฐ(Spectable for linux?)
iOS์์ Proxy ์ฌ์ฉ ์ค Burp/ZAProxy CA ๋ฃ์ด๋ ์ ๋ขฐํ ์ ์๋ ์ฌ์ดํธ ๋ฐ์ ์ ํด๊ฒฐ๋ฐฉ๋ฒ
WAF Bypass XSS Payload Only Hangul(ํ๊ธ๋ง ์ด์ฉํด์ XSS ํ์ด๋ก๋ ๋ง๋ค๊ธฐ)
ZAP Scripting์ผ๋ก Custom Header
๋น๋ฃจํ /๋นํ์ฅ ๋จ๋ง์์ ํ๋ฆฌ๋ค ์ฌ์ฉํ๊ธฐ (Frida Inject DL for no-jail, no-root)
iOS MinimumOSVersion ์ฐํ ์ฝ์ง๊ธฐ(Test case for bypass ios min sdk version)
Phar(PHP Archive)์์์ PHP Deserialization ์ทจ์ฝ์ (BlackHat 2018)
asciinema - Linux/Macos์์์ ํฐ๋ฏธ๋ ๋ นํ ํ๋ก๊ทธ๋จ
Burp suite Daracula(dark) Theme Release!
Review on recent xss tricks (๋ช๊ฐ์ง XSS ํธ๋ฆญ๋ค ์ดํด๋ณด๊ธฐ)
iOS์์์ SSL Pinning Bypass(with frida)
LOKIDN - IDN HomoGraph Attack์ ์ฌ๋ฏธ์๋ ๊ณต๊ฒฉ ๋ฒกํฐ
iOS App IPA ํ์ผ ์ถ์ถํ๊ธฐ(ipainstaller, jailbreak)
DynoRoot Exploit (DHCP Client Command Injection / CVE-2018-1111)
์น ์ด์ ๋ธ๋ฆฌ(Web Assembly)๋ ์ด๋ป๊ฒ ๋ณด์ ์ทจ์ฝ์ ๋ถ์์ ํ ๊น์?
Ruby gem ๋ง๋ค๊ธฐ(Make ruby gem)
Ruby IDB(iOS App ๋ณด์๋ถ์ ๋๊ตฌ) Select App ์ ์ฃฝ๋ ํ์ ํด๊ฒฐ ๋ฐฉ๋ฒ(iOS10, Error downloading file)
JSFuck XSS Payload ๋์ ์๋ฆฌ
XSS Polyglot Challenge(v2)์ ์ฐธ์ฌํ๋ฉฐ XSS์ ๋ํ ๊ณ ๋ฏผ์ ๋ ํด๋ด ์๋ค!
p0wn-box - ๊ฐ๋ณ๊ฒ ์ฌ์ฉํ๊ธฐ ์ข์ ๋ชจ์ํดํน/์นจํฌํ ์คํธ ํด ๋์ปค ์ด๋ฏธ์ง
Scala์ underscore(_)๋?
Burp Suite REST API(Burp 2.0 beta)
Arachni optimizing for fast scanning (Arachni ์ค์บ ์๋ ํฅ์ ์ํค๊ธฐ)
tree๋ช ๋ น ์์ด ls๋ก treeview๋ก ๋ณด๊ธฐ(Treeview without tree command as ls)
SpEL(Spring Expression Language) Injection & Spring boot RCE
Consul์ ๋ํด ์์๋ณด์! (Service Mesh)
Git pull/push ์ Password ๋ฌผ์ด๋ณด์ง ์๋๋ก ์ค์ ํ๊ธฐ(credential.helper)
ESI(Edge Side Include) Injection์ ์ด์ฉํ Web Attack(XSS, Session hijacking, SSRF / blackhat 2018)
Defcon 2018 ๋ฐํ ์๋ฃ ๋ฐ Briefings list
Docker "No space left on device" ์ค๋ฅ ํด๊ฒฐ ๋ฐฉ๋ฒ(in MacOS)
ZAP์์๋ Request๋ฅผ ๊ฐ์ง๊ณ ์คํฌ๋ฆฝํธ๋ก ์์ฑํ์! Reissue Request Scripter
Arachni ์ฝ๋๋จ์์ JSON Method ์ฌ์ฉํ๊ธฐ (undefined method `parse' for Arachni::Element::JSON:Class ํด๊ฒฐ)
Ruby์์ Cookie ๊ฐ์ JSON ํฌ๋งท์ผ๋ก ๋ณํํ๊ธฐ(Cookie format to JSON with hash!)
Attack a JSON CSRF with SWF(ActionScript๋ฅผ ์ด์ฉํ JSON CSRF ๊ณต๊ฒฉ์ฝ๋ ๊ตฌํ)
Burp suite Extension ๊ฐ๋ฐ์ ๋ํ ์ด์ผ๊ธฐ(Story of Writing Burp suite extension)
EternalBlue exploit for x86(32 bit) devices - 32๋นํธ pc์ ๋ํ EternalBlue
์ฐ๋ถํฌ 18.04 ์์ ์นด์นด์คํก ์ค์นํ๊ธฐ(Install kakaotalk on ubuntu 18.04)
JRuby Burp suite ํ์ฅ ๊ธฐ๋ฅ ๊ฐ๋ฐ ์ค ๋ฐ์ํ ์๋ฌ(failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse)
Crystal - Ruby์ ๋น์ทํ๋ฉฐ ๋น ๋ฅธ ํ๋ก๊ทธ๋๋ฐ ์ธ์ด(Fast a C, Slick as Ruby)
Firefox Hackbar Addon ๋จ์ถํค(Short cut)
Metasploit์ผ๋ก ์๋ฒ์ SSL ๋ฑ๊ธ์ ํ๊ฐํ์ (SSLLab)
Git commit์ผ๋ก Issue ์ข ๋ฃํ๊ธฐ(Closing issue with commit)
tracer์ ์ด์ฉํ ruby code tracing(์ฝ๋ ํ๋ฆ ๋ถ์)
Insomnia๋ก REST API๋ฅผ ์ฝ๊ฒ ํ ์คํธํ์ ๐
XSS ์์ด DOM ๋ด ์ค์์ ๋ณด ํ์ทจ, CSP ์ฐํํ๊ธฐ(Eavading CSP and Critical data leakage No XSS)
Rubocop auto correct๋ฅผ ์ด์ฉํ ๋ฃจ๋น ์ฝ๋ ์ ๋ฆฌํ๊ธฐ(๋ฆฌํฉํ ๋ง)
Ruby Limit to number of thread in loop(๋ฐ๋ณต๋ฌธ์์ ์ ํ๋ ๊ฐฏ์์ ์ฐ๋ ๋ ๋๋ฆฌ๊ธฐ)
Security testing SAML SSO Vulnerability & Pentest(SAML SSO ์ทจ์ฝ์ ๋ถ์ ๋ฐฉ๋ฒ)
Awesome ๋ฃจ๋น ํ๋ก๊ทธ๋๋ฐ ์คํ์ผ ๊ฐ์ด๋(Awesome ruby programming style guide) and rubocop
๋ฆฌ๋ ์ค์์ OWASP ZAP๊ณผ BurpSuite์ ์์ ๋ฐ๊พธ๊ธฐ
Ruby on Rails(ROR) ์์ SAML IdP(Identity Provider) ๊ตฌํํ๊ธฐ(SSO)
inquirer ๋ผ์ด๋ธ๋ฌ๋ฆฌ๋ฅผ ์ด์ฉํ ์ปค๋งจ๋๋ผ์ธ ๊ธฐ๋ฐ ์ฒดํฌ๋ฐ์ค ๋ง๋ค๊ธฐ(Ruby/Python)
SQLMap Tamper Script๋ฅผ ์ด์ฉํ WAF&Protection Logic Bypass
ZAP์์ Passive Script ๋ง๋ค๊ธฐ
Ruby์์ Exception ์ฒ๋ฆฌ( begin-rescue-else-ensure-end )
Subdomain Takeover ์ทจ์ฝ์ ์ ๋ํ ์ด์ผ๊ธฐ(About Subdomain Takeover and How to test)
Git contribute ๊ด๋ จ ์ ๋ฆฌ(Pull reuqest ๋ง๋ค๊ธฐ)
ZAP์ ํ์ํ ๊ธฐ๋ฅ๊ณผ Burp suite ๋์ผ ์ฒด์ ๋ก ๋๋์
ZAP ๋จ์ถํค ์ฌ์ฉ ํ
ZAP Scripting์ผ๋ก Code Generator ๊ตฌํํ๊ธฐ
Burp์ ZAP ๋์์ ์ฌ์ฉํ๊ธฐ ๐
์นด์นด์ค ํ์น, ์๋์๋ต API๋ฅผ ์ด์ฉํด ์ฑ๋ด ๊ฐ๋ฐํ๊ธฐ!
Burp suite ์ค๋ ์๊ฐ ๋ฐ๋ผ๋ณธ OWASP ZAP(Zed Attack Proxy). ์ด์ ๋ถํฐ ๋์ผ์ด๋ค!
Firefox XSS with Context menu(+css payload..)
Not-rooted android Kali linux with Termux!(๋น ๋ฃจํ ํฐ์์ ์นผ๋ฆฌ ๊ตฌ์ฑํ๊ธฐ)
YSoSerial - Java object deserialization payload generator
BurpKit - Awesome Burp suite Extender(Burp์์ ๊ฐ๋ฐ์ ๋๊ตฌ๋ฅผ ์ฌ์ฉํ์!)
JRuby๋ฅผ ์ด์ฉํ Ruby & Java ๊ฐ ํฌ๋ก์ค ๊ฐ๋ฐ
Javascript๋ฅผ ์ด์ฉํ์ฌ ๊ฐ๋จํ๊ฒ ์นด์นด์คํก ๊ณต์ (์นด์นด์ค๋งํฌ) ์ ์ฉํ๊ธฐ
Evasion technique using Wildcards, Quotation marks and backslash, $IFS(WAF, ๋ฐฉ์ด๋ก์ง ์ฐํ)
Android App(apk) ์๋ช ํ๊ธฐ(apk signing with jarsigner,keytool)
Mapscii - Ascii base Map on Linux terminal (๋ฆฌ๋ ์ค ํฐ๋ฏธ๋์์ ์์คํค ์ง๋๋ฅผ ๋ณด์!)
Metasploit WMAP ๋ชจ๋๋ค
Android Meterpreter shell ์์์ ์คํ ๊ถํ ์์น ์ฝ์ง ์ด์ผ๊ธฐ
MacOS์์ git ์คํ ์ CommandLIneTools ์๋ฌ ๋ฐ์ํ ๊ฒฝ์ฐ ํด๊ฒฐ๋ฐฉ๋ฒ
Kali Linux 2(04.30) release review
Rails์ ๋ผ์ฐํ ๊ณผ constraints๋ฅผ ์ด์ฉํ์ฌ IP๊ธฐ๋ฐ ACL ๋ง๋ค๊ธฐ
Rails development ํ๊ฒฝ์์ error ์ ๋ณด ์ค์ด๊ธฐ
BugCrowd HUNT - ๋ฒ๊ทธ ๋ฐ์ดํฐ๋ฅผ ์ํ ZAP/Burp Extension
Metasploit web delivery ๋ชจ๋์ ์ด์ฉํ Command line์์ meterpreter session ๋ง๋ค๊ธฐ
Android 4.4(KitKat)์์ NetHunter ์ค์นํ๊ธฐ
G3 ์๋ฆฌ์ฆ ๋ฃจํ ์คํฌ๋ฆฝํธ ์ดํด๋ณด๊ธฐ(LG Root Script.bat )
adb๋ก ์ฑ ์ค์น ์ ๋ฐ์ํ๋ Failure [INSTALL_FAILED_TEST_ONLY]
HTTPS/HTTP Mixed Content (์์ธ ๋์ ์ฝํ ์ธ [File] ๋ฅผ ์ฝ์ด์ค๋ ๊ฒ์ ์ฐจ๋จํ์ต๋๋ค.)
Bypass XSS Protection with fake tag and data: (๊ฐ์ง ํ๊ทธ์ data ๊ตฌ๋ฌธ์ ์ด์ฉํ XSS ์ฐํ๊ธฐ๋ฒ)
๊ตฌ๊ธ ๋ธ๋ก๊ฑฐ ๊ฐ์ธ ๋๋ฉ์ธ์ HTTPS ์ ๊ณต! (HTTPS support to custom domain on google blogger)
๋์ปค ์ปจํ ์ด๋(Docker Container)์ ๋ํ ์ ๊ถํ๊ณผ ์ ๊ทผ์ ๋ํ ์ด์ผ๊ธฐ
Bypass XSS Protection (Event Handler filtering) with string+slash(XSS ์ฐํ๊ธฐ๋ฒ)
Ruby language์์์ Symbol(์ฌ๋ณผ)์ด๋?
MITM Proxy server in Ruby (evil-proxy์ rails๋ฅผ ์ด์ฉํ WASE ํธ๋ํฝ ์์ง ๊ตฌ๊ฐ ๋ง๋ค๊ธฐ)
Protocol-relative URL - HTML/Javascript/CSS์์ ์ฃผ์ ํ์์ ์ฌ์ฉ๋๋ double slash(//)๋ ๋ฌด์์ธ๊ฐ?
URL Hash(#) ์ ์ด์ฉํ XSS ์ฐํ๊ธฐ๋ฒ
0x0c(^L)๋ฅผ ์ด์ฉํ XSS ์ฐํ ๊ธฐ๋ฒ(no slash, no blank)
Ruby on Rails - submodel, subclass or subcontroller ๋ง๋ค๊ธฐ(references type)
PostgreSQL FATAL: Peer authentication failed for user Error ํด๊ฒฐํ๊ธฐ
website capture๋ฅผ ์ํ ruby gem (feat PhantomJS)
๊ตฌ๊ธ ๋ธ๋ก๊ฑฐ(Google Blogger) ํ์ด์ง, ๊ฒ์๊ธ(ํฌ์คํธ) ๊ด๋ จ ํ์ ๋ค
Elastic search ์ฟผ๋ฆฌ ์ ๋ฆฌ(cheat sheet)
[HACKING] Bug Bounty๋ฅผ ์ํ WASE(Web Audit Search Engine) ๋ง๋ค๊ธฐ [2] - Burp suite์ Elastic search ์ฐ๋ํ๊ธฐ
[HACKING] Bug Bounty๋ฅผ ์ํ WASE(Web Audit Search Engine) ๋ง๋ค๊ธฐ [1] - Elastic search์ ruby-rails
[HACKING] Memcached reflection DOS attack ๋ถ์
[CODING] Android "Only the original thread that created a view hierarchy can touch its views." ์๋ฌ ํด๊ฒฐ๋ฐฉ๋ฒ
[HACKING] Adobe Flash Player NetConnection Type Confusion(CVE-2015-0336) ๋ถ์
[DOCKER] ๋์ปค ์ปจํ ์ด๋, ํธ์คํธ๊ฐ ํ์ผ ์ ์ก/๋ฐ๊ธฐ(How to send/recive docker container)
[ROR] Ruby on Rails "cannot load such file -- [package]" ํด๊ฒฐ ๋ฐฉ๋ฒ
[RUBY] nokogiri install/update ์๋ฌ ํด๊ฒฐํ๊ธฐ(An error occurred while installing nokogiri (1.8.2), and Bundler cannot continue.)
[HACKING] Kali linux The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 ์๋ฌ ํด๊ฒฐํ๊ธฐ
iframe์ height:100%๊ฐ ์๋ ๋ viewport๋ฅผ ์ด์ฉํ์ฌ ํด๊ฒฐํ๊ธฐ
[HACKING] TCPโStarvation Attack (DOS Attack on TCP Sessions)
[CODING] Backspace,Delete not working in vim insert mode(vim์์ ์ญ์ ๊ฐ ์ ๋์ง ์์๋)
Vim์์์ ๊ฐ๋ฐ์ ์ํ ์ต์ํ์ plugin ์ค์
Learning Go Language - Hello world, GoRoutine
[DEBIAN] Kali Linux ๋ก๊ทธ์ธ ํ๋ฉด, ์ ๊ธ ํ๋ฉด ๋ณ๊ฒฝํ๊ธฐ(Change background login , lock screen)
[HACKING] iOS App ์ ์ ๋ถ์๋๊ตฌ IDB (Ruby gem package "IDB" for iOS Static Analysis)
macOS์์ aapt ๋ค์ด๋ก๋/์ฌ์ฉํ๊ธฐ(Download aapt binary for macOS)
์์คํค ์ฝ๋&HTML ์ฝ๋ํ(Ascii&HTML code table, URL encode)
Metasploit Modules for EternalSynergy / EternalRomance / EternalChampion
Shodan API์ Metasploit์ ์ด์ฉํ Exploiting script - AutoSploit
[RUBY] ํด๋ฆฝ๋ณด๋์ ๋ฐ์ดํฐ๋ฅผ ๋ณต์ฌํ์! clipboard gem
Metasploit์ alias plugin์ ์ด์ฉํ์ฌ resource script๋ฅผ ๋ช ๋ น์ด๋ก ๋ง๋ค๊ธฐ
[HACKING] DocumentBuilderFactory XXE ์ทจ์ฝ์ ๊ด๋ จ ์ฐ๊ตฌ(?) ์ค๊ฐ ์ ๋ฆฌ(feat apktool)
2017
[HACKING] Analyzing BurpLoader.jar in Burp Suite Pro Crack(Larry Lau version) Part3(Bypass Certificate expiration time)
[HACKING] DocumentBuilderFactory XXE Vulnerability ๋ถ์(ParseDroid, apktool xxe exploit)
[WEB HACKING] OOXML XXE with Burp Suite(OOXML XXE ๊ด๋ จ Burp suite Extension)
Bookmarklet์ด๋?
[WEB HACKING] Reflected XSS๋ฅผ ์ฝ๊ฒ ์ฐพ์ - "Reflector" Burp Suite Extension
[EXPLOIT] macOS High Sierra root privilege escalation ์ทจ์ฝ์ /๋ฒ๊ทธ์ ๋ํ ์ด์ผ๊ธฐ(code metasploit)
[WEB HACKING] SQLite SQL Injection and Payload
[RUBY] ROR DB Column ์ถ๊ฐํ๊ธฐ(Add column from Ruby on Rails Database)
Blind XSS(Cross-Site Scripting)์ ๋ณด์ํ ์คํ
[EXPLOIT] JAVA SE Web start JNLP XXE ์ทจ์ฝ์ ๋ถ์(CVE-2017-10309, feat Metasploit)
BadIntent - Android ์ทจ์ฝ์ ๋ถ์์ ์ํ Burp Suite Extension ๐ฑ
[WEB HACKING] OWASP Top 10 2017 RC2 Review (์ ๊ท ํญ๋ชฉ ๋ฐ ๊ฐ์ธ์ ์ธ ์๊ฒฌ)
[LINUX] Install docker on kali linux(์นผ๋ฆฌ ๋ฆฌ๋ ์ค์์ ๋์ปค ์ค์นํ๊ธฐ)
๊ฐ์ Pentest ํ๊ฒฝ ๊ตฌ์ฑ์ ์ํ metasploitable2 ์ค์น
[WEB HACKING] Bypass DOM XSS Filter/Mitigation via Script Gadgets
[SYSTEM HACKING] lynis๋ฅผ ์ด์ฉํ ์์คํ ์ทจ์ฝ์ ์ค์บ(System vulnerability Scanning with lynis)
XCode Simulator์ App(.ipa) ํ์ผ ์ค์นํ๊ธฐ
[LINUX] Make a Persistent Live OS USB(๋น ํ๋ฐ์ฑ Live OS ๋ง๋ค๊ธฐ)
Metasploit + OpenVAS ์ฐ๋ (using Docker)
[HACKING] Kali Live OS๋ฅผ ์ด์ฉํ Windows, Linux ๋ฌผ๋ฆฌ ์ ๊ทผ ํดํน
[WEB HACKING] Struts2 RCE(CVE-2017-5638, S2-045) ํ ์คํธ ๋ฐ docker file ๊ณต์
[LINUX] Plank Dock - ์ฌํํ๊ณ ๊น๋ํ Dock Application
[LINUX] How to install xfce on blackarch linux
[LINUX] BlackArch Linux install tip!
[LINUX] VirtualBox์์ ๋์คํฌ ํฌ๊ธฐ ๋ณ๊ฒฝํ๊ธฐ(๋์ ํ ๋น, ๊ณ ์ ํ ๋น)
[HACKING] KALI Linux 2017.2 Release Review (๋ฌด์์ด ๋ฌ๋ผ์ก์๊น์?)
[WEB HACKING] New attack vectors in SSRF(Server-Side Request Forgery) with URL Parser
[HACKING] Android Cloak & Dagger Attack๊ณผ Toast Overlay Attack(CVE-2017-0752)
Metasploit ipknock๋ฅผ ์ด์ฉํ hidden meterpreter shell
[EXPLOIT] Struts2 REST Plugin XStream RCE ์ทจ์ฝ์ ๋ถ์(feat msf) CVE-2017-9805 / S2-052
Metasploit ์ rhosts์์ Column/Tagging ์ปค์คํฐ๋ง์ด์ง ํ๊ธฐ
[WEB HACKING] Retire.js๋ฅผ ์ด์ฉํด JS Library ์ทจ์ฝ์ ์ฐพ๊ธฐ
[EXPLOIT] OpenSSL OOB(Out-Of-Bound) Read DOS Vulnerability. Analysis CVE-2017-3731
Frida๋ฅผ ์๊ฐํฉ๋๋ค! ๋ฉํฐ ํ๋ซํผ ํํน์ ์ํ ๊ฐ์ฅ ๊ฐ๋ ฅํ ๋๊ตฌ ๐
[POWERSHELL] ํ์์์ ์ด์ฉํ ํ์ผ ์ ๋ณด ํ์ธํ๊ธฐ(Write a get file information script)
[POWERSHELL] ์ด ์์คํ ์์ ์คํฌ๋ฆฝํธ๋ฅผ ์คํํ ์ ์์ผ๋ฏ๋ก ํ์ผ์ ๋ก๋ํ ์ ์์ต๋๋ค(execution of scripts is disabled on this system.) ์๋ฌ ํด๊ฒฐ ๋ฐฉ๋ฒ
Metasploit API์ msfrpcd, ๊ทธ๋ฆฌ๊ณ NodeJS
Metasploit-Aggregator๋ฅผ ์ด์ฉํ Meterpreter session ๊ด๋ฆฌํ๊ธฐ
[WEB HACKING] ์ด๋ฏธ์ง ํ์ผ ๋ด metadata์ Payload ์ฝ์ ํ๊ธฐ(XSS,XXE,Meterpreter Scenario )
Automatic Exploit&Vulnerability Attack Using db_autopwn.rb
Data Leak Scenario on Meterpreter using ADS
Privilege Escalation on Meterpreter
[WEB HACKING] Web hacking and vulnerability analysis with firefox!
[MAD-METASPLOIT] 0x30 - Meterpreter?
Meterpreter๋ฅผ ์ด์ฉํ Windows7 UAC ์ฐํํ๊ธฐ
[MAD-METASPLOIT] 0x41 - Armitage
[MAD-METASPLOIT] 0x40 - Anti Forensic
[MAD-METASPLOIT] 0x34 - Persistence Backdoor
[MAD-METASPLOIT] 0x33 - Using post module
[MAD-METASPLOIT] 0x32 - Privilige Escalation
[MAD-METASPLOIT] 0x21 - Browser attack
[MAD-METASPLOIT] 0x22 - Malware and Infection
[MAD-METASPLOIT] 0x31 - Migrate & Hiding process
[MAD-METASPLOIT] 0x20 - Remote Exploit
[MAD-METASPLOIT] 0x12 - Vulnerability Scanning
[MAD-METASPLOIT] 0x11 - Network scanning using Auxiliary Module
[MAD-METASPLOIT] 0x10 - Port scanning
[MAD-METASPLOIT] 0x02 - Database setting and workspace
[MAD-METASPLOIT] 0x01 - MSF Architecture
[MAD-METASPLOIT] 0x00 - Metasploit?
[METASPLOIT] DB ์ฐ๋ ์ดํ ๋ฐ์ํ๋ Module database cache not built yet(slow search) ํด๊ฒฐํ๊ธฐ
[METASPLOIT] msgrpc ์๋ฒ๋ฅผ ์ด์ฉํ์ฌ msfconsole๊ณผ armitage ์ฐ๋ํ๊ธฐ
[WEB HACKING] WebKit JSC ์ทจ์ฝ์ ์ ํตํ SOP ์ฐํ(WebKit base browser XSS Technique)
[CODING] MediaWiki ์ Google Login ์ฐ๋ํ๊ธฐ(Interoperability GoogleLogin)
[HACKING] Closed network infection scenario and Detecting hidden networks (Using USB/Exploit)
AngularJS Sandbox Escape๋ก ์์๋ณด๋ constructor XSS์ Prototype Pollution
[METASPLOIT] Writing Custom Plugin for metasploit
Metasploit resource script์ ruby code๋ก ์ปค์คํฐ๋ง์ด์ง ํ๊ธฐ
[WEB HACKING] Easily trigger event handler for XSS/ClickJacking" using CSS(or stylesheet)
[HACKING] Analyzing BurpLoader.jar in Burp Suite Pro Crack(Larry Lau version) Part2
[HACKING] Symbolic Execution(symbolic evaluation)์ ์ด์ฉํ ์ทจ์ฝ์ ๋ถ์
[RUBY] RQRCode๋ฅผ ์ด์ฉํ QR์ฝ๋ ์์ฑํ๊ธฐ
[WEB HACKING] Bypass XSS filter with back-tick(JS Template Literal String)
[WEB HACKING] SWF Debugging with ffdec(jpexs)
[HTML] data URL Scheme๋ฅผ ์ด์ฉํ html ๋ด ์ด๋ฏธ์ง ๋ํ๋ด๊ธฐ
[DEBIAN] Sony VAIO on/off keyboard backlight on linux
[WEB HACKING] SWF(Flash) Vulnerability Analysis Techniques
[METASPLOIT] msfconsole ๋ด Prompt ์ค์ ํ๊ธฐ
OOXML XXE Vulnerability (Exploiting XXE In file upload Function!)
[DEBIAN] Thunder Bird์์ Anigmail, GnuPG(gpg)๋ฅผ ํตํ ์ด๋ฉ์ผ ์ํธํ
[WEB HACKING] Parameter Padding for Attack a JSON CSRF(Cross-site Request Forgery)
[HACKING] Eternalblue vulnerability&exploit and msf code
[EXPLOIT] Linux Kernel - Packet Socket Local root Privilege Escalation(CVE-2017-7308,out-of-bound) ๋ถ์
[DEBIAN] terminator๋ฅผ ์ด์ฉํ ์ฐฝ ๋ถํ ํฐ๋ฏธ๋ ์ฌ์ฉํ๊ธฐ
Form action + data:๋ฅผ ์ด์ฉํ XSS Filtering ์ฐํ ๊ธฐ๋ฒ
[WEB HACKING] Apache Struts2 Remote Code Execute Vulnerability(CVE-2017-5638, S2-045)
PuDB ์ด์ฉํ์ฌ cli์์ python ๋๋ฒ๊น ํ๊ธฐ
[DEBIAN] Intro Memcahed and Accessing Memcached from the command line
[WEB HACKING] Bypass XSS Blank filtering with Forward Slash
[METASPLOIT] Hardware pentest using metasploit - Hardware-Bridge
[CODING] Ruby telegram-bot ์ ์ด์ฉํ ํ ๋ ๊ทธ๋จ ๋ด ๋ง๋ค๊ธฐ
[HACKING] Lavabit&Magma - Encrypted Email Service (Dark Mail Alliance)
[HACKING] Microsoft Windows Kernel Win32k.sys Local Privilege Escalation Vulnerability ๋ถ์(CVE-2016-7255/MS16-135)
[WEB HACKING] PHP Comparison Operators Vulnerability for Password Cracking
[WEB HACKING] Bypass XSS(Quotation&Apostrophe filtering) with JS Regular expression [์๋ฐ์คํฌ๋ฆฝํธ ์ ๊ทํํ์์ ์ด์ฉํ XSS ์ฐํ ๊ธฐ๋ฒ]
2016
HTML AccessKey and Hidden XSS (Trigger AccessKey and Hidden XSS)
[TIP] Name of Special Characters for Hacker, Programmer (ํน์๋ฌธ์์ ์ด๋ฆ)
[WEB HACKING] SOP(Same-Origin Policy)์ Web Security
[WEB HACKING] Web Vulnerability scanning with VEGA WVS(VAGA๋ฅผ ์ด์ฉํ ์น ์ทจ์ฝ์ ์ค์บ)
[EXPLOIT] IE VBScript Engine Memory Corruption ๋ถ์(Analysis a CVE-2016-0189)
[DEBIAN] Remmina - SSH/RDP/VNC Client (Remmina๋ฅผ ์ด์ฉํ ์๊ฒฉ ์/๋ฐ์คํฌํ ๊ด๋ฆฌํ๊ธฐ)
[DEBIAN] Remote Mount with SSH(๋ฆฌ๋ ์ค์์ SSH๋ก ์๊ฒฉ ๋๋ ํ ๋ฆฌ ๋ง์ดํธํ๊ธฐ)
[EXPLOIT] MySQL(MariaDB/PerconaDB) Root Privilege Escalation(Symlink attack)
![Featured image of post [EXPLOIT] MySQL(MariaDB/PerconaDB) Root Privilege Escalation(Symlink attack)](https://4.bp.blogspot.com/-hAAvc7PsCsk/WBoGYoRAUcI/AAAAAAAABx4/OkScHiEncbsZWctyNZt-bOuFoXnNzYTJACLcB/s1600/Linux%2BWallpaper.jpg)
Form์์ ์ฒดํฌ๋ฐ์ค ์ฌ๋ฌ๊ฐ ๊ฐ ์ ๋ฌํ๊ธฐ
[EXPLOIT] MySQL(MariaDB/PerconaDB) Remote Code Execution and Privilege Escalation(CVE-2016-6662)
postMessage๋ฅผ ์ด์ฉํ XSS์ Info Leak
[WEB HACKING] Burp Suite's hotkeys and Edit hotkey
[DEBIAN] SquashFS - compressed read-only file system for Linux
[CODING] WebSocket - Overview , Protocol/API and Security
apt-get ์ฌ์ฉ ์ Could not get lock /var/lib/dpkg/lock ์๋ฌ ํด๊ฒฐํ๊ธฐ
[HACKING] Mobile Application Vulnerability Research Guide(OWASP Mobile Security Project)
[RUBY] Cuntom column sort function on Two-dimensional array
[DEBIAN] webissues๋ฅผ ์ด์ฉํ Bug Tracking(install webissue and tutorial)
[DEBIAN] Using Redmine on Debian and Apache server, and Change a theme
[DEBIAN] Change the GRUB background image
[METASPLOIT] Meterpreter Railgun / Useful API call for Hacker&Pentester
[RUBY] ROR(Ruby on Rails)๋ฅผ ์ด์ฉํ Web Develope part2 - Create Blog Application and Security
[RUBY] ROR(Ruby on Rails)๋ฅผ ์ด์ฉํ Web Develope part1 - About/Install Rails
[DEBIAN] Geany - Develope IDE for hacker and programmer
[HACKING] BlackArch Linux Install, Review (Arch linux for Pentest)
[METASPLOIT] Meterpreter Paranoid Mode - SSL Certified Meterpreter shell
[DEBIAN] malloc() ์ sysctl vm.swappiness๋ฅผ ์ด์ฉํ์ฌ Swap ์ ๊ทน ํ์ฉํ๊ธฐ
[EXPLOIT] GNU Wget 1.18 Arbitrary File Upload/Remote Code Execution ๋ถ์(Analysis)
[RUBY] Writing a Web Crawler with Ruby and Nokogiri(nokogiri๋ฅผ ์ด์ฉํ ์น ํฌ๋กค๋ฌ ๋ง๋ค๊ธฐ)
[RUBY] Nokogiri library๋ฅผ ์ด์ฉํ Web(HTML/XML) Parsing
[WEB HACKING] PUT/DELETE CSRF(Cross-site Request Forgrey) Atttack
[JQUERY] Create wait/loading animation using jquery(addClass,removeClass)
HIDDEN:XSS - <input type=hidden> ์์์ XSS
[PYTHON] Tkinter module์ ์ด์ฉํ Clipboard(ํด๋ฆฝ๋ณด๋) ์ ์ด/์์ฉ๊ตฌ ๋ง๋ค๊ธฐ
[WEB HACKING] Making XSS Keylogger(XSS Keylogger ๋ง๋ค๊ธฐ)
[DEBIAN] Linux Terminal์์ .sql ํ์ผ ์คํํ๊ธฐ(Execute .sql file on linux . MYSQL)
[RUBY] ๋ฃจ๋น์์ Process/command ์คํํ๊ธฐ(Execute Process and command)
[HACKING] JDWP(Java Debug Wire Protocol) Remote Code Execution
Anti-XSS Filter Evasion of XSS
[WEB HACKING] Reflected File Download(RFD) Attack
[DEBIAN] GDB layout(-tui, layout asm,reg) and save setting in gdb(gdb ๋ ์ด์์ ๋ฐ ์ธํ ์ ์ฅํ๊ธฐ)
[DEBIAN] Gedit Plugins for hacker/programmer(ํด์ปค/ํ๋ก๊ทธ๋๋จธ๋ฅผ ์ํ gedit ํ๋ฌ๊ทธ์ธ)
[DEBIAN] Linux์์ Sublimetext3 ํ๊ธ ์ ๋ ฅ ์ฌ์ฉํ๊ธฐ(Use hangul on slt3)
[BUG] Repair & Fix Windows7 Install Error [0x000035a] (VirtualBox Win7 64-bit ์๋ฌ ์์ ํ๊ธฐ)
[WEB HACKING] XDE(XSS DOM-base Evasion) Attack
[WEB HACKING] SWF๋ด DEBUG Password Crack ํ๊ธฐ(Cracking DEBUG password in SWF flash file / EnableDebugger2)
[WEB HACKING] DotDotPwn - The Path Traversal Fuzzer(DDP๋ฅผ ์ด์ฉํ Path Traversal)
[WEB HACKING] Apache Struts2 DMI REC(Remote Command Executeion) Vulnerability(CVE-2016-3081)
[WEB HACKING] Apache Struts2 REC(Remote Command Executeion) Vulnerability(CVE-2016-0785)
[WEB HACKING] Google Hacking(๊ตฌ๊ธํดํน) - ๊ฒ์์์ง์ ์ด์ฉํ ํดํน ๊ธฐ์ (Using a search engine hacking)
[HACKING] Social Engineering Attack(์์ ์์ง๋์ด๋ง) - ์คํ์ด ๊ฐ์ ํดํน
[HACKING] Phase of Ethical Hacking Phase5 - Covering Tracks
[HACKING] Phase of Ethical Hacking Phase4 - Maintaining Access
[HACKING] Phase of Ethical Hacking Phase3 - Gaining Access
[HACKING] Phase of Ethical Hacking Phase2 - Scanning/Enumeration
[HACKING] Phase of Ethical Hacking Phase1 - Reconnaissance/Footprinting
[HACKING] Phase of Ethical Hacking/Pentest(๋ชจ์/์ค๋ฆฌํดํน์ ๋จ๊ณ)
[DEBIAN] qemu๋ฅผ ์ด์ฉํ arm elf ํ์ผ ์คํ
[HACKING] OpenSSL Client ์์ SSLv2 ์ฌ์ฉํ๊ธฐ(Check DROWN Attack)
[HACKING] SSLv2 DROWN Attack(CVE-2016-0800) ์ทจ์ฝ์ ๋ถ์ / ๋์๋ฐฉ์
[CODING] git pull ์ฌ์ฉ ์ ๊ฐ์ ๋ก pull ํ๊ธฐ
[HACKING] NMAP Part2 - NSE(Nmap Script Engine)์ ์ด์ฉํ ์ทจ์ฝ์ ์ค์บ๋(Vulnerability scan with NSE Script)
[HACKING] NMAP Part1 - nmap์ ์ด์ฉํ ์ฌ๋ฌ๊ฐ์ง ๋คํธ์ํฌ ์ค์บ ๊ธฐ๋ฒ(network scan with nmap)
[WEB HACKING] arachni - Web application security scanner framework
[PYTHON] Terminal์ table ์ถ๋ ฅํ๊ธฐ(Source Code / Python / Terminal / Table)
[DEBIAN] w3m/lynx :: Linux text base web browser(๋ฆฌ๋ ์ค ํ ์คํธ ๋ธ๋ผ์ฐ์ )
[METASPLOIT] /local_exploit_suggester ๋ชจ๋์ ์ด์ฉํ Local Exploit ์ฐพ๊ธฐ
[HACKING] steghide๋ฅผ ์ด์ฉํ Steganography(Embed/Extract Steganography with steghide)
[METASPLOIT] Default Shell์ Meterpreter Shell๋ก ์ ๊ทธ๋ ์ด๋ํ๊ธฐ(Nomal Shell to Meterpreter shell)
SQLNinja๋ฅผ ์ด์ฉํ SQL Injection ํ ์คํ
[SYSTEM HACKING] Remote NFS Mount ๋ฐ Metasploit nfs/nfsmount ๋ชจ๋์ ์ด์ฉํ NFS Scan/Access
[SYSTEM HACKING] RPC Port Map Dump๋ฅผ ์ด์ฉํ ์๋น์ค Port ํ์ธ
[DEBIAN] Ctrl+Alt+F12(Ctrl+Alt+Fn) Black Screen ๋ณต๊ตฌ ๋ฐฉ๋ฒ(Ctrl+Alt+F12 / Return GUI)
[WEB HACKING] A2SV(Auto Scanning to SSL Vulnerability) - SSL ์ทจ์ฝ์ ์ ๊ฒ์ ์ํ ๊ฐ๋จํ ํด
![Featured image of post [WEB HACKING] A2SV(Auto Scanning to SSL Vulnerability) - SSL ์ทจ์ฝ์ ์ ๊ฒ์ ์ํ ๊ฐ๋จํ ํด](https://i.ytimg.com/vi/BZLJ_KHpsV8/default.jpg)
[PYTHON] argparse ๋ฅผ ์ด์ฉํ ํ์ด์ฌ ์คํฌ๋ฆฝํธ Argument ์ฒ๋ฆฌํ๊ธฐ
GIT ๊ฐ์ Push ํ๊ธฐ (error: failed to push some refs to)
[JAVA] Byte to String / String to Byte (์๋ฐ Byte ํ ๋ณํ)
[EXPLOIT] Android sensord Local Root Exploit ๋ถ์(Android Exploit Anlaysis)
[EXPLOIT] Linux Kernel REFCOUNT Overflow/UAF in Keyrings ์ทจ์ฝ์ ๋ถ์
[DEBIAN] IceWeasel Adobe Flash Plugin ์ค์นํ๊ธฐ(Install Adobe Flash Plugin on IceWeasel/Debian)
JWT(JSON Web Token) ์ธ์ฆ๋ฐฉ์๊ณผ ๋ณด์ํ ์คํ , ์ทจ์ฝ์ ๋ถ์
[EXPLOIT] Linux Kernel Overlayfs - Local Privilege Escalation ์ทจ์ฝ์ ๋ถ์
[WEB HACKING] Java Applet Attack ๋ถ์ ๋ฐ ํ์ฉ ๊ธฐ๋ฒ(Java Applet XSS,Malicious File Download)
[JAVA] ๊ฐ๋จํ Java Applet ๋ง๋ค๊ธฐ(Simle Code for Java Applet)
TOCTOU(Time-of-check Time-of-use) Race Condition
MongoDB Injection์ผ๋ก ์์๋ณด๋ NoSQL Injection
๋ธ๋ก๊ทธ ๋๋ฉ์ธ ๋ณ๊ฒฝํ์์ต๋๋ค.
[WEB HACKING] XXN Attack(X-XSS-Nightmare) :: R-XSS Bypass Browser XSS Filter
[PHP] php์์ ๋ฐฐ์ด/๋ค์ฐจ์ ๋ฐฐ์ด ์ ๋ ฌํ๊ธฐ(sorting array in php)
2015
[RUBY] WEBrick::mount_proc ๋ฉ์๋๋ฅผ ์ด์ฉํ WEBrick ์๋ฒ ๋ด Ruby ์ฒ๋ฆฌ๋ถ๋ถ ๋ง๋ค๊ธฐ
[RUBY] WEBrick์ ์ด์ฉํ ๊ฐ๋จ Ruby ์น ์๋ฒ ๋ง๋ค๊ธฐ(Writing Web Server Code whit Ruby WEBrick)
[SYSTEM HACKING] ShellNoob๋ฅผ ์ด์ฉํ Shellcode ์์ฑ ๋ฐ ํ์ฉ (Writing Shell Code with ShellNoob || Install and Using ShellNoob)
[SYSTEM HACKING] 64bit Linux Execve Shell Code ๋ง๋ค๊ธฐ(64bit Execve ShellCode & Remove Null Byte)
[DEBIAN] Bash Custom Prompt ๊ธด ๋ฌธ์์ด Overwrite(๊ฐํ๋ถ๊ฐ) ํด๊ฒฐ ๋ฐฉ๋ฒ(overwrite long command on bash prompt)
[EXPLOIT] Joomla 1.5 Object Injection & Remote Command Execution ์ฝ๋ ๋ถ์(Code Analysis)
[DEBIAN] BASH Shell ํ๋กฌํํธ ์์ ๋ณ๊ฒฝํ๊ธฐ(Change The Color Of Bash Prompt Shell)
[SYSTEM HACKING] FlawFinder๋ฅผ ์ด์ฉํ C/C++ Source Code ์ทจ์ฝ์ ๋ถ์(Vulnerability Analysis)
[RUBY] Ruby์์ MySQL ์ฐ๋ํ๊ธฐ(DB Connection ๋ฐ SQL Query ์ ์ก)
[CODING] HTML/Javascript ๋ฅผ ์ด์ฉํ ํ์ ๋ ์ด์ด ๋ง๋ค๊ธฐ :: Code for Popup Search Layer
[WEB HACKING] Weevely๋ฅผ ์ด์ฉํ์ฌ Stealth Webshell ๋ง๋ค๊ธฐ(weevely ์ค์น ๋ฐ ์ฌ์ฉ)
[ANDROID] ADB๋ฅผ ์ด์ฉํ Android Remote Shell/Debugging (with ADB)
Burp Suite๋ฅผ ํตํ Android SSL Packet ๋ถ์(Android Proxy + SSL Certificate)
HSTS(Http Strict Transport Security)์ ๋ณด์/์นจํฌ ํ ์คํธ
[SYSTEM HACKING] Peach Fuzzer์ GUI ๋ชจ๋ - Peach3 Fuzz Bang(Run Peach Fuzzer on GUI Interface)
[SYSTEM HACKING] Peach Fuzzer๋ฅผ ํตํด Application ๋ถ์ 2 - Application Fuzzing for Exploit
[SYSTEM HACKING] Peach Fuzzer๋ฅผ ํตํด Application ๋ถ์ 1 - Install Peach Fuzzer
[SYSTEM HACKING] Melkor ELF(Binary) Fuzzer ์ค์น ๋ฐ ์ฌ์ฉ๋ฒ(Install and Usage)
[HTML/CSS] HTML ์ด๋ฒคํธํธ๋ค๋ฌ, ์คํฌ๋ฆฝํธ๋ฅผ ์ด์ฉํ Text Box ํด๋ฆญ ์ ์ฌ๋ผ์ง๋ ๊ธ์ ๋ง๋ค๊ธฐ
[PYTHON] Python์์์ ์์ธ์ฒ๋ฆฌ ๋ฐฉ๋ฒ(Exception code for Error data)
[PYTHON] PDB(Python Debugger)์ฌ์ฉ๋ฒ ๋ฐ PDB๋ฅผ ์ด์ฉํ ํ์ด์ฌ ์คํฌ๋ฆฝํธ(.PY) ๋๋ฒ๊น / PDB ์ต์ (PDB Options)
[HACKING] APKInspector๋ฅผ ์ด์ฉํ Android Malware ๋ถ์ํ๊ธฐ 2 - APKInspector๋ฅผ ์ด์ฉํ Malware Analysis
[HACKING] APKInspector๋ฅผ ์ด์ฉํ Android Malware ๋ถ์ํ๊ธฐ 1 - APKInspector ์ค์นํ๊ธฐ(Install APKInspector)
[SYSTEM HACKING] Binary ๋ถ์์ ํตํด Program์ ํฌํจ๋ ์จ๊ฒจ์ง ๋ฐ์ดํฐ ์ฐพ์๋ด๊ธฐ(Find Hidden Data for Application Hakcing)
[RUBY] OCRA๋ฅผ ์ด์ฉํ์ฌ Ruby ์คํฌ๋ฆฝํธ(.rb File) exe(Win Format) ํฌํ
[MALWARE] ์ ์ฑ ๋๋ฉ์ธ ๋ณ์กฐ ๋ถ์(98.xxx.xxx.148:5896, ํ์ธต ๊ฐ์ ๋ chrome์ ์ต์ ๋ฒ์ ์ด ์ถ์๋์์ต๋๋ค/์ ์ฑ์ฝ๋)
GDB๋ฅผ ์ด์ฉํ ์๊ฒฉ ๋๋ฒ๊น (GDB Remote Debugging)
[WEB HACKING] URL Redirection & URL Forwards ์ฐํ ๊ธฐ๋ฒ(Bypass Redirection Filtering)
CSS๋ฅผ ํตํด Body ํ๊ทธ ์ฌ๋ฐฑ ์์ ๊ธฐ
[CODING] HTML/CSS ๊ธ์ ํ ๋๋ฆฌ ์ ์ฉํ๊ธฐ(Apply text border) / text-shadow
[EXPLOIT] OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) ์ทจ์ฝ์ ๋ถ์
[CODING] highlight.js ๋ฅผ ์ด์ฉํ Code Highlight(HTML/CSS ์ฒ๋ฆฌ)
[JAVA] Java Swing[GUI] Programming์ ์ํ WindowBuilder ์ฌ์ฉํ๊ธฐ(์ค์น/์ฌ์ฉ)
[JAVA] GUI ํ๋ก๊ทธ๋๋ฐ์ ์ํ Java Swing(Java Swing for GUI Programming)
[EXPLOIT] ์ผ์ฑ(Samsung) SecEmailUI.apk ์ทจ์ฝ์ (Vulnerability SecEmailUI.apk on Android) #edb-38554 / CVE-2015-7893
[METASPLOIT] Android Meterpreter Shell ๋ถ์ - Part 1 Meterpreter APK Analysis
[METASPLOIT] Metasploit Custom Scanner ๋ง๋ค๊ธฐ(Make Simple Scan Module)
[PHP] Terminal ํ๊ฒฝ์์ php ํ์ผ ์คํํ๊ธฐ
[DEBIAN] Synergy๋ฅผ ์ด์ฉํ Linux,Windows ๊ฐ ํค๋ณด๋/๋ง์ฐ์ค ๊ณต์ (Shared Keyboard and Mouse Using Synergy)
[METASPLOIT] Metasploit์์ generate ๋ช ๋ น์ ํตํด payload ์์ฑํ๊ธฐ(generate shellcode on metasploit)
[WEB HACKING] ActiveX ์ทจ์ฝ์ ๋ถ์ ๋ฐฉ๋ฒ(ActiveX Vulnerability Analysis)
[CODING] HTML Style ํ๊ทธ/CSS๋ฅผ ์ด์ฉํ ๋ ์ด์ด ๊ณ ์ ํ๊ธฐ(Fixed Layer / CSS)
[HACKING] BDF(BackDoor-Factory) ์ค์น ๋ฐ exe ํ์ผ์ backdoor ํจ์นํ๊ธฐ(patch executable binaries with user desired shellcode)
[METASPLOIT] Veil Framework(Payload Generator)๋ฅผ ์ด์ฉํ Antivirus ์ฐํํ๊ธฐ
[Exploit] SSLv3 POODLE Attack ํ์ธ ๋ฐ ๋์๋ฐฉ์(Check and Modify)
[CODING] CSS๋ฅผ ์ด์ฉํ h1, h2 ํ๊ทธ ๋ฐ์ค ์ ์ฉํ๊ธฐ(Editing for h1,h2)
[DEBIAN] Linux DB EERD ๋ชจ๋ธ๋ง(Modeling and Design) Tool(mysql-workbench on linux)
Javascript ์ด๋ฒคํธ ํธ๋ค๋ฌ๋ฅผ ์ด์ฉํ์ฌ Input ํ๊ทธ ์ํฐ ์ฒ๋ฆฌ Char Codes)
[EXPLOIT] StageFright Exploit Code ๋ถ์(StageFrigt Exploit Analysis)
grep -v , -E ์ต์ ์ ์ด์ฉํ ๋ฌธ์์ด ์ ์ธํ์ฌ ์ฐพ๊ธฐ
[EXPLOIT] YESWIKI 2.0 Path Traversal Vulnerability
[SYSTEM HACKING] /proc/self/maps ํ์ผ์ ์ด์ฉํ์ฌ ์คํ์ค์ธ ์์คํ ๋ฉ๋ชจ๋ฆฌ ์ฃผ์ ํ์ธํ๊ธฐ
[ANDROID] Android ์ gdb ์ค์นํ๊ธฐ(Build ARM-GDB for Android)
[HACKING] Android UnPacker - APK ๋๋ ํ ํ๊ธฐ(APK Deobfuscation)
[ANDROID] Android NDK ์ค์นํ๊ธฐ(Install Android NDK)
[DEBIAN] PITIVI - ๋ฆฌ๋ ์ค ์์ ํธ์ง ํด(Audio,Video Editor on Linux)
[SYSTEM HACKING] RIPS - Source Code Vulnerability Scanner(์์ค์ฝ๋ ์ทจ์ฝ์ ๋ถ์ ํด)
[HACKING] TOR๋ฅผ ์ด์ฉํ์ฌ ์ต๋ช ๋คํธ์ํฌ ์ฌ์ฉํ๊ธฐ(Anonymity Network Using Tor) on linux
[SYSTEM HACKING] Trinity๋ฅผ ํ์ฉํ System call Fuzzing (Install Trinity and Trinity Tutorial)
[METASPLOIT] Metasploit ์ค์น(bundle install) ์ ๋ฐ์ ์๋ฌ ์ฒ๋ฆฌ(Install Metasploit troubleshooting)
[SYSTEM HACKING] ์ํํธ์จ์ด ๋ฒ๊ทธ๋ฅผ ์ด์ฉํ ์์คํ ์ทจ์ฝ์ /ํดํน(System vulnerability&hacking use software bug)
[HACKING] katoolin ์ ์ด์ฉํ Kali Linux Hacking tool ๊ฐํธ ์ค์น(Easy Install Kali Linux Hacking Tool)
[RUBY] HexDump Ruby Code(๋ฃจ๋น๋ก ํฅ์ค ์ ๋ณด ์ถ๋ ฅํ๊ธฐ)
[HACKING] BeEF(The Browser Exploitation Framework) ์ค์นํ๊ธฐ(Install BeEF on Debian)
[METASPLOIT] Metasploit์ AutoRunScript๋ฅผ ์ด์ฉํ ์นจํฌ ํ ์๋ ํ๊ฒฝ ๊ตฌ์ฑ
[METASPLOIT] Metasploit ์ ์ด์ฉํ HashDump ๋ฐ Password Crack(John the Ripper)
[DEBIAN] Pidgin(on Debian) ์์ Facebook ์ฌ์ฉํ๊ธฐ
[METASPLOIT] Metasploit ์์์ WMAP ๋ชจ๋ ๋ก๋ ๋ฐ ์ฌ์ฉ/์ค์บ(Web Vulnerability Scan on MSF-WMAP)
[Android] aapt ๋ฅผ ์ด์ฉํ์ฌ AndroidManifest.xml ๋ฐ ํผ๋ฏธ์ (perm) ํ์ธํ๊ธฐ(malware analysis)
[LAIKABOSS]๋กํ๋๋งํด(Lockheed Martin)์ ๋ผ์ด์ปค๋ณด์ค(LAIKABOSS) ์ค์น ๋ฐ ์ฌ์ฉ/๊ฐ๋จ๋ถ์
[HACKING] WEBSPLOIT - MITM Attack Framework ์ค์น ๋ฐ ์ฌ์ฉ
[WEB HACKING] PHP Injection(code injection) ๋ฐ ๊ณต๊ฒฉ์ ๋ถ์(Attack/Check Point/after Action)
OpenVAS Debian Linux ์ ์ค์นํ๊ธฐ(Install OpenVAS Scanner on debian)
[METASPLOIT] MSF์์ workspace๋ฅผ ์ด์ฉํ ํจ์จ์ ์ธ Target ๊ด๋ฆฌ(workspace management)
[METASPLOIT] MSF์์ Postgres DB ์ฐ๊ฒฐ ๋ฐ ์ฌ์ฉํ๊ธฐ
[METASPLOIT] MSFVENOM์ ์ด์ฉํ Android ์นจํฌ ๋ฐ Meterpreter Shell ์ฌ์ฉ
๋ฌธ์๋ง ๋ฐ์๋ ํดํน, Stagefright(์คํ ์ด์งํ๋ผ์ดํธ) - ์๋๋ก์ด๋ MMS์ทจ์ฝ์ (๋ฉํฐ๋ฏธ๋์ด ๋ก๋) / ์๋๋ก์ด๋ 95% ์ทจ์ฝ
[Hacking] Exploit Pack :: ํตํฉ Exploit Framework [1] - Exploit Pack๊ณผ ์ค์น ๋ฐ UI
recodemydesktop - ๋ฐ๋น์ ํ๋ฉด ์์ ์บก์ณ ํ๋ก๊ทธ๋จ(recode screen[video] on debian)
๊ธ์ต๊ฐ๋ ์ ํ์ ์ ์ฑ์ฝ๋/DNS ๋ณ์กฐ ์์ธ๊ณผ ๊ฐ๋จํ ํด๊ฒฐ๋ฐฉ๋ฒ
๋๋ก ํดํน(SkyJacking) - ๋ฌด์ ๋ ํดํน์ ํตํ ๋๋ก ์๊ฒฉ์ ์ด ํ์ทจ
[WEB HACKING] ProjectSend R582 WebShell ์ทจ์ฝ์ (Exploit) [ZERODAY?]
[WEB HACKING] XSS(Cross Site Script)์ XFS(Cross Frame Script)์ ์ฐจ์ด
HEX Encoding์ ์ด์ฉํ XSS ํํฐ๋ง ์ฐํ
