I saw a new post in portswigger research today. It’s about how to successfully prove XSS when the attack phrase is blocked by WAF, but it’s short but interesting, so I’m writing it.

최근에 블로그를 blogger에서 github page로 옮기면서 댓글을 작성할 수 있는 환경이 사라졌습니다. Jekyll에서 많이들 사용하시는 Disqus의 경우 개인적으로 광고 이슈때문에 좋아하지 않기 때문에 댓글 서비스를 다시 찾아봤고, github issue 기반의 댓글 서비스인 Utterances를 알게 되었습니다.

The zap-cli is a tool that helps make ZAP easy to use on the command line. From simple scanning to CI/CD Pipeline, it’s a tool that’s used everywhere. Unlike other scanners, it does not support custom headers.

Cullinan(Wiki) 프로젝트를 진행하면서 Cullinan - Nmap에 다시 정리해두었습니다. 해당 페이지가 최신이니 참고 부탁드려요 😎

Hi hackers and bugbounty hunters. today I’m going to talk about findomain monitor options. Since the config option has been added, it is very simple to configure the monitoring environment. Speed, usability, everything => findomain

Hi, hackers and bugbounty hunters :D

저는 Burp pro / ZAP / Cli base proxy 3가지 모두를 사용합니다. 단순히 웹만 테스팅할 땐 크게 와닿지 않지만, 모바일을 테스트할 땐 인증서가 상당히 귀찮습니다. (특히 임시로 사용하는 폰들은..)

Hi hackers and bugbounty hunters :D

Recently, the nahamcon2020 was in over. I difficult to watching it in my time zone, so I just looked at the documents after it’s over. They were all very interesting and I learned a lot of new things. Today I’m going to talk about the email attack that I saw the most interesting among them. Of course, if you using english, best document is original material, so refer to the link below, and I will write only in Korean today!

The termux in my memory was Linux on Android, which was only available with some Linux commands.