Hi👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 11 of 86

CSS-based data exfiltration using Sequential Import Chaining

  • 2 min read

Today I want to talk about Sequential Import Chaining, a CSS-based attack technique. It does not have much impact on its own, but it is a way to amplify the impact when you can control CSS, so I hope you learn it and put it to good use 😊


Finding endpoints in source code with Attack Surface Detector

  • 1 min read

There is a ZAP/Burp add-on I often use at work, and while looking into a recent error I realized I had never mentioned it on the blog. So today I want to talk about that tool, Attack Surface Detector.


Building a channel hook in Golang Logrus

  • 1 min read

Logrus is a very good logger package for Golang. Using hooks, logrus can write a log entry to several specified destinations at once. The current built-in hooks are syslog and io.Writer; I needed a hook backed by a channel, so I wrote a simple one and am sharing it :D


ZAP's new networking stack

  • 2 min read

Last Thursday night, simon shared something in the ZAP Developers Groups. It was about ZAP's networking layer, and I knew what it was about as soon as I saw the title. (It's something I had really been waiting for 🤩)


Strengthening ZAP scanning with Custom Payloads 🚀

  • 3 min read

Today I want to introduce a ZAP feature I have been watching with some interest lately: Custom Payloads. It lets you test with a specified set of payloads more easily, without using the Fuzzer or ZAP's scripting engine, so I think it will serve you well in security testing and automation if you know about it.


Paragraph Separator(U+2029) XSS

  • 1 min read

Gareth Heyes shared an interesting XSS trick. Thinking carefully about how browsers handle it, I got the feeling it could be used for bypasses in a number of forms.


Only developers? No, we need a scratch pad too! Boop!

  • 1 min read

I often browse the App Store to see if there are any interesting apps. Along the way I found a tool that looked useful for security testing, tried it out over this holiday, and liked it enough to share it on the blog. It's Boop.
