HAHWUL

Security engineer, Developer and H4cker

Cullinan

Cullinan is a wiki of offensive security

Phoenix

Phoenix is a set of online tools for me

Hack the browser extension 🚀 (Checking web browser extensions for vulnerabilities)

This is my first post of the new year. I actually meant to write it as the last post of December, but I couldn't finish it, so it ended up being the first post of the new year. Recently, regarding browser extensions, what I previously knew...

2020 Retrospective

Surprisingly, 2020 is already almost over. I don't usually write diary-style posts, but I'm writing this one partly to organize my thoughts. Today, 2020...

Bypass domain check using ToCToU for SSRF/XXE/OOB, Etc

🤔 What is ToCToU? In software development, time-of-check to time-of-use (TOCTOU, T...

Synchronizing command snippets with Pet and Gist

Pet? It is a Go-based command-line snippet manager. It has an interface similar to fzf, and frequently used commands...

Security considerations for browser extensions

I needed to test the security of browser extensions, so I did a bit more research on top of what I already knew and am writing it up. First, browser extensions are web bro...

ZAP 2.10 Released 🎉 Quick review

Today, with not much of 2020 left, ZAP 2.10.0 has finally been released. Until now, for reasons such as dark mode, the weekly version...

GitHub Actions and Apps I use for open source projects

Today I'd like to briefly introduce the git-action and apps I mainly use in my open source projects. Compared with other projects, I...

Configuring ssh not to ask for the passphrase in a PKA-based environment

Problem: For both convenience and security, ssh is often operated on the basis of PKA (Public Key Authentication)....

Why I Use ZAP

🗡 Army-Knife for AppSec Application Security or Pentest, Bugbounty, and other general Offensiv...