Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 31 of 86

E-mail 포맷을 이용한 여러가지 Exploiting 기법들

2 min read

Recently, the nahamcon2020 was in over. I difficult to watching it in my time zone, so I just looked at the documents after it’s over. They were all very interesting and I learned a lot of new things. Today I’m going to talk about the email attack that I saw the most interesting among them. Of course, if you using english, best document is original material, so refer to the link below, and I will write only in Korean today!

Find reflected parameter on ZAP for XSS!

1 min read

올해부터 버그바운티 시 사용하기 좋은 웹 해킹 도구들을 정리하고 있습니다. 그중엔 BurpSuite와 ZAP의 확장 기능 컬렉션도 있고 트윗통해 추천을 받던 중 쓸만한 ZAP 확장 기능을 찾아 글로 간략하게 작성해봅니다.

How to use DalFox’s Fun Options (if found notify , custom grepping)

7 min read

As you can see from my blog and tweet, I recently full-change(new project…) my XSpear and created an XSS Scanning tool called DalFox. Today, I’m going to share some tips for using DalFox. 제 블로그나 트윗을 본다면 알겠지만, 최근 XSpear를 갈아엎고 DalFox라는 XSS Scanning 도구를 만들었습니다.