Posts - Page 31 of 87
Docker images and running commands of vulnerable web
~1 min read
I often use the weak web for performance testing of tools under development. I write post collection of docker commands for the execution of the vulnerable web.
Transient events for XSS(sendBeacon?!)
1 min read
I saw a new post in portswigger research today. It’s about how to successfully prove XSS when the attack phrase is blocked by WAF, but it’s short but interesting, so I’m writing it.
Jekyll에 Utterances, Giscus 댓글 적용하기
2 min read
최근에 블로그를 blogger에서 github page로 옮기면서 댓글을 작성할 수 있는 환경이 사라졌습니다. Jekyll에서 많이들 사용하시는 Disqus의 경우 개인적으로 광고 이슈때문에 좋아하지 않기 때문에 댓글 서비스를 다시 찾아봤고, github issue 기반의 댓글 서비스인 Utterances를 알게 되었습니다.
How to add custom header in ZAP and zap-cli
3 min read
The zap-cli is a tool that helps make ZAP easy to use on the command line. From simple scanning to CI/CD Pipeline, it’s a tool that’s used everywhere. Unlike other scanners, it does not support custom headers.
NMAP CheatSheet
2 min read
Cullinan(Wiki) 프로젝트를 진행하면서 Cullinan - Nmap에 다시 정리해두었습니다. 해당 페이지가 최신이니 참고 부탁드려요 😎
Observe new subdomain (지속적으로 서브도메인 모니터링하기)
3 min read
Hi hackers and bugbounty hunters. today I’m going to talk about findomain monitor options. Since the config option has been added, it is very simple to configure the monitoring environment. Speed, usability, everything => findomain
pet and hack-pet. managing command snippets for security testing
5 min read
Hi, hackers and bugbounty hunters :D
One custom certificate, Using all tools and your devices (for bug bounty/pentesting)
5 min read
저는 Burp pro / ZAP / Cli base proxy 3가지 모두를 사용합니다. 단순히 웹만 테스팅할 땐 크게 와닿지 않지만, 모바일을 테스트할 땐 인증서가 상당히 귀찮습니다. (특히 임시로 사용하는 폰들은..)
Bypassing string base XSS protection with Optional chaining
2 min read
Hi hackers and bugbounty hunters :D
E-mail 포맷을 이용한 여러가지 Exploiting 기법들
2 min read
Recently, the nahamcon2020 was in over. I difficult to watching it in my time zone, so I just looked at the documents after it’s over. They were all very interesting and I learned a lot of new things. Today I’m going to talk about the email attack that I saw the most interesting among them. Of course, if you using english, best document is original material, so refer to the link below, and I will write only in Korean today!