hahwul

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 28 of 86

Why I Use ZAP

  • 5 min read

🗡 Army-Knife for AppSec

In Application Security, pentesting, bug bounty and offensive security work in general, the most essential tools are proxy tools such as Burp and ZAP. Early on they were seen mainly as proxies, but these days I think it is more fitting to call them an Army-Knife than a proxy tool.

๋ฉ€ํ‹ฐ ํด๋ผ์šฐ๋“œ, ๋ณด์•ˆ์  ๊ด€์ ์—์„œ ๋ฐ”๋ผ๋ณด๊ธฐ

  • 2 min read

It seems multi-cloud came up briefly at Re:Invent, the conference hosted by AWS. From what I roughly heard, the talk was about a management tool for multi-cloud. So today I'll write about what multi-cloud is and how it should be viewed from a security perspective. (Honestly, I don't know it well either. I'm just writing down what comes to mind, so please leave your opinions in the comments 😅)

HTTPie, curl์„ ๋Œ€์ฒดํ•  ๋งŒํ•œ ๊ฐ•๋ ฅํ•œ http client

  • 1 min read

์ง€๋‚œ์ฃผ์ธ๊ฐ€์š”? ํŠธ์œ—๋ณด๋‹ค๊ฐ€ ์“ธ๋งŒํ•ด๋ณด์ด๋Š” curl ๊ฐ™์€ ๋„๊ตฌ๋ฅผ ๋ฐœ๊ฒฌํ–ˆ์Šต๋‹ˆ๋‹ค. ๋ฐ”๋กœ httpie๋ผ๋Š” ๋„๊ตฌ์ธ๋ฐ์š”, human friendlyํ•œ ์ปจ์…‰์— ์ฒ˜์Œ๋ถ€ํ„ฐ ์•ฝ๊ฐ„ ํ˜ธ๊ฐ์ด์˜€๊ณ  ์„ค์น˜ํ•ด์„œ ์จ๋ณด๋‹ˆ ์ด๊ฑด ๋ฌผ๊ฑด์ธ ๊ฒƒ ๊ฐ™์•„ ๊ณต์œ  ์ฐจ์›์—์„œ ๊ฐ„๋‹จํ•˜๊ฒŒ ๊ธ€๋กœ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค ๐Ÿ˜

Read More

Resolving the Authentication Error after enabling GitHub 2FA

  • ~1 min read

For convenience I had not been using 2FA (Two-Factor) authentication on GitHub, but in order to update the Marketplace I accepted a little inconvenience and set up 2FA. (I was already using it heavily on other services anyway, so honestly I thought it wouldn't be much of a hassle.)

Setup a Pentest environment with Axiom

  • 3 min read

What is Axiom

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.

Docker scratch image from a Security perspective

  • 2 min read

์ตœ๊ทผ ๋„์ปค ๊ด€๋ จํ•ด์„œ ํ…Œ์ŠคํŠธํ•˜๋˜ ์ค‘ Scratch ๋ผ๋Š” ์ด๋ฏธ์ง€๋ฅผ ๋ณด๊ฒŒ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๊ฐœ์ธ์ ์œผ๋ก  ์ฒ˜์Œ๋ณด๋Š” ์ด๋ฏธ์ง€์ธ๋ฐ, ํŠน์ดํ•˜๊ฒŒ๋„ ๋ณดํŽธ์ ์ธ OS์—์„œ ์‚ฌ์šฉ๋˜๋Š” ๋ช…๋ น์–ด๋ถ€ํ„ฐ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ์ค‘์š”ํ•œ ๋ฐ”์ด๋„ˆ๋ฆฌ๋‚˜ ์„ค์ •๊นŒ์ง€ ์—†๋Š” ๋…ํŠนํ•œ ์ด๋ฏธ์ง€์˜€์ฃ . ์ฐพ๋‹ค๋ณด๋‹ˆ ์ƒ๊ฐ๋ณด๋‹ค ์žฌ๋ฏธ์žˆ๋Š” ์ด๋ฏธ์ง€์—ฌ์„œ ๊ด€๋ จ ๋‚ด์šฉ๊ณผ ์ €์˜ ์ƒ๊ฐ์„ ์•ฝ๊ฐ„ ๋”ํ•ด์„œ ๊ธ€์„ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค.

Read More

Jekyll Build Speed Up!

  • 3 min read

My GitHub page build fails from time to time. I did know the rough reason, of course. A GitHub page can have a build time of up to roughly 13 minutes, and a build that goes over that is left pending or fails. My Jekyll build was taking about 15 minutes, so naturally failures occurred.

Minimizing Jekyll feed.xml

  • 2 min read

RSS is a very old technology, but it is still supported and used by many web services. Ordinary users can easily fetch and read a list of posts through a reader, and it is also quite important from an SEO perspective.