Hi👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 3 of 86

A Look at the CVSS 4.0 Preview

  • 3 min read

CVSS (Common Vulnerability Scoring System) is a scoring system used to assess vulnerabilities in systems and software. If you work in offensive security it is familiar, but it is also one of those things that feels like it has plenty of problems. CVSS2 or CVSS3 is what is mostly in use today, but the CVSS4 release is steadily approaching, so it is worth taking a look.

Read More

Attack Types in Web Fuzzing

  • 2 min read

Fuzzing is the most commonly used technique for testing applications and finding security vulnerabilities. Usually you test with features provided by proxy tools, such as Burp Suite's Intruder and Turbo Intruder, ZAP's Fuzz, or Caido's Automate, or with a CLI fuzzer such as ffuf.

Read More

Hack the AI Prompt 🤖

  • 3 min read

ChatGPT has changed a great many things since its launch. Of course, rather than having a big impact on actual work, I think that as various AIs have drawn a lot of public attention, this is a time when serious thought and technical progress are arriving from a security perspective as well. Where attacks on AI used to lean toward interfering with training, there is now also a lot of testing of, and interest in, prompts.

Read More

Loading Crystal Shard Packages from a Personal/Private Domain

  • ~1 min read

In Crystal-lang, packages and dependencies can be managed through Shards. Similar to Go's go get, it fetches the source from the GitHub repository written in the YAML file and installs it.

Read More

Removing 404 Pages from the ZAP Site Tree All at Once

  • ~1 min read

Unlike Burp, ZAP's Site tree also shows 404 Not found responses. They are occasionally useful information, but mostly they are a nuisance to look at. ZAP does not officially provide a feature for this, so it is convenient to remove them with a simple script. Here is a quick share.

Read More

Embed resources in crystal

  • 2 min read

A note on how to embed resource files into the binary in Crystal. Looking through GitHub issues and the like, it did not seem this would be provided in the stdlib, and after searching I found a good shard called Rucksack, so I will summarize it briefly. Note that Rucksack reportedly works only on Linux and macOS and does not support Windows, so keep that in mind.

Read More

Default vs Release build in Crystal

  • 1 min read

Crystal is a compiled language that can be built into a binary. The official guide recommends using the --release flag for release builds. Today I will go over what this flag does and why it is recommended.

Read More

Providing Packages with Homebrew 🍺

  • 2 min read

I distribute most of the tools I make through Homebrew, binaries, RubyGem, Snapcraft and so on. On macOS in particular, the share of installs through Homebrew is very high, so I try to support Homebrew for Go-based apps whenever possible. And since most of this work is done through a tool called Goreleaser, it has been very convenient.

Read More

Encoding Only Your Choices, EOYC

  • 2 min read

Lately I have been writing various bits of code in Crystal and Elixir as toys. Crystal in particular is a language I introduced once before, and with syntax almost identical to Ruby's plus speed on top, it is one I have personally been very interested in. Recently, for various reasons, I have been making Crystal my main language. Today I am writing this post to share a simple tool written in Crystal.

Read More