Hi 👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker


DCO and Github Sign-off Commit

  • 3 min read

Last night I sent a Pull Request to the ZAP project and ran into the situation described below.


The reverse tabnabbing has weakened more

  • 1 min read

Reverse tabnabbing is not a high-risk attack, but because it can readily be used in phishing, it is something you should definitely check if you care a bit more about security. For an explanation of the attack, see the link below.


Import remote JS in IMG tag for XSS bypass

  • 1 min read

While reading tweets at night I came across a simple XSS trick. There is nothing particularly special about it, but since it could occasionally be useful for CSP bypass as well, I am writing it down here.


Secure JWT and Sliding Sessions

  • 3 min read

What are Sessions?

Sessions์€ ์ปดํ“จํŒ…์—์„œ ๋น„์Šทํ•˜์ง€๋งŒ ์—ฌ๋Ÿฌ ์˜๋ฏธ๋กœ ์‚ฌ์šฉ๋˜๋Š” ์šฉ์–ด์ž…๋‹ˆ๋‹ค. ์ผ๋ฐ˜์ ์œผ๋กœ ์ƒํƒœ๋ฅผ ์˜๋ฏธํ•œ๋‹ค๊ณ  ๋ณด๋ฉด ๋  ๊ฒƒ ๊ฐ™๊ณ , ์›น์—์„œ๋Š” HTTP๊ฐ€ ๋น„ ์—ฐ๊ฒฐํ˜• ํ”„๋กœํ† ์ฝœ์ด๊ธฐ ๋•Œ๋ฌธ์— ์„œ๋ฒ„๊ฐ€ ๊ธฐ์กด์— ์ ‘์†ํ–ˆ๋˜ ํด๋ผ์ด์–ธํŠธ์ธ์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋Š” ์ˆ˜๋‹จ์œผ๋กœ ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค. (ํŒŒ์ผ ์ฟ ํ‚ค๋ž‘ ๋น„์Šทํ•˜์ฃ . ๋‹ค๋งŒ ์ฒ˜๋ฆฌ์—์„  ์•ฝ๊ฐ„ ๋‹ค๋ฅด๊ธดํ•ฉ๋‹ˆ๋‹ค.)


OOB Testing with interactsh!

  • 2 min read

OOB (Out-Of-Band) and Callback Servers

How do you check whether an attack payload succeeded in cases such as SSRF or RCE? Usually you set up a remote server and detect whether an HTTP or DNS request arrives at it. For this purpose BurpSuite has a very useful tool called Collaborator (it provides a separate domain and callback notifications per user), and there are several extensions built on it (taborator, activescan, collaborator everywhere).


Get webpage screenshot with gowitness for CICD

  • ~1 min read

What is gowitness

gowitness is a tool well known in the bug bounty community; it can quickly take web screenshots of a large number of URLs.
