Search
566 posts tagged

security

Hello Caido ๐Ÿ‘‹๐Ÿผ
2 min read

Hello Caido ๐Ÿ‘‹๐Ÿผ

security
CORS Bypass via dot
2 min read

CORS Bypass via dot

security develop
ZAP Custom En/Decoder ๋งŒ๋“ค๊ธฐ
4 min read

ZAP Custom En/Decoder ๋งŒ๋“ค๊ธฐ

security zap develop
Firefox + Container + Proxy = Hack Env
2 min read

Firefox + Container + Proxy = Hack Env

security
Front-End Tracker๋กœ DOM/Storage ๋ถ„์„ํ•˜๊ธฐ
5 min read

Front-End Tracker๋กœ DOM/Storage ๋ถ„์„ํ•˜๊ธฐ

security zap
Katana์™€ Web Crawler
2 min read

Katana์™€ Web Crawler

security
XSSHunter๊ฐ€ ์ข…๋ฃŒ๋ฉ๋‹ˆ๋‹ค
1 min read

XSSHunter๊ฐ€ ์ข…๋ฃŒ๋ฉ๋‹ˆ๋‹ค

security
๋น ๋ฅธ ํ…Œ์ŠคํŒ…์„ ์œ„ํ•œ ZAP ๋‹จ์ถ•ํ‚ค๋“ค
3 min read

๋น ๋ฅธ ํ…Œ์ŠคํŒ…์„ ์œ„ํ•œ ZAP ๋‹จ์ถ•ํ‚ค๋“ค

security zap
ZAP 2.12 ์‚ดํŽด๋ณด๊ธฐ โšก๏ธ
3 min read

ZAP 2.12 ์‚ดํŽด๋ณด๊ธฐ โšก๏ธ

security zap
localStorage + getter = Prototype Pollution
2 min read

localStorage + getter = Prototype Pollution

security
CSRF is dying
5 min read

CSRF is dying

security
Metasploit์—์„œ HTTP Debug ํ•˜๊ธฐ
2 min read

Metasploit์—์„œ HTTP Debug ํ•˜๊ธฐ

security metasploit
Broken link๋ฅผ ์ฐพ์ž! DeadFinder
2 min read

Broken link๋ฅผ ์ฐพ์ž! DeadFinder

security develop ruby
Dalfox 2.8 Release ๐Ÿš€
2 min read

Dalfox 2.8 Release ๐Ÿš€

security
OAST์— Hint๋ฅผ ๋”ํ•˜๋‹ค
2 min read

OAST์— Hint๋ฅผ ๋”ํ•˜๋‹ค

security oast
Param Digger! Easy param mining via ZAP
1 min read

Param Digger! Easy param mining via ZAP

security zap
Hex? Imhex and Hexyl
1 min read

Hex? Imhex and Hexyl

security develop
ZAPโšก๏ธ Replacer VS Sender Script
3 min read

ZAPโšก๏ธ Replacer VS Sender Script

security zap
ZAP Alert Filters๋กœ Risk ๊ฐ€์ง€๊ณ  ๋†€๊ธฐ
4 min read

ZAP Alert Filters๋กœ Risk ๊ฐ€์ง€๊ณ  ๋†€๊ธฐ

security zap develop
๊ฐ„๋‹จํ•˜๊ฒŒ ZAP Scripting ๋ฐฐ์›Œ๋ณด๊ธฐ
4 min read

๊ฐ„๋‹จํ•˜๊ฒŒ ZAP Scripting ๋ฐฐ์›Œ๋ณด๊ธฐ

security zap
ZAP Forced User Mode!!
1 min read

ZAP Forced User Mode!!

security zap
Input/Custom Vectors๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ZAP์—์„œ ์ •๋ฐ€ํ•˜๊ฒŒ ์ทจ์•ฝ์  ์Šค์บ”ํ•˜๊ธฐ ๐ŸŽฏ
2 min read

Input/Custom Vectors๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ZAP์—์„œ ์ •๋ฐ€ํ•˜๊ฒŒ ์ทจ์•ฝ์  ์Šค์บ”ํ•˜๊ธฐ ๐ŸŽฏ

security zap
Zest script in CLI
4 min read

Zest script in CLI

security zap
ZAP์—์„œ Zest Script๋กœ Headless ๊ธฐ๋ฐ˜์˜ ์ธ์ฆ ์ž๋™ํ™” ์ฒ˜๋ฆฌํ•˜๊ธฐ
5 min read

ZAP์—์„œ Zest Script๋กœ Headless ๊ธฐ๋ฐ˜์˜ ์ธ์ฆ ์ž๋™ํ™” ์ฒ˜๋ฆฌํ•˜๊ธฐ

security zap
ZAP Active Scan ์‹œ Progress์™€ Response chart ํ™œ์šฉํ•˜๊ธฐ
3 min read

ZAP Active Scan ์‹œ Progress์™€ Response chart ํ™œ์šฉํ•˜๊ธฐ

security zap
ZAP Bookmarklet for Speed up
1 min read

ZAP Bookmarklet for Speed up

security zap
PyScript์™€ Security ๐Ÿ๐Ÿ—ก
3 min read

PyScript์™€ Security ๐Ÿ๐Ÿ—ก

security
ZAP HTTP Sessions๋ฅผ ํ†ตํ•ด ๊ฐ„ํŽธํ•˜๊ฒŒ ์„ธ์…˜ ๊ธฐ๋ฐ˜ ํ…Œ์ŠคํŒ…ํ•˜๊ธฐ
3 min read

ZAP HTTP Sessions๋ฅผ ํ†ตํ•ด ๊ฐ„ํŽธํ•˜๊ฒŒ ์„ธ์…˜ ๊ธฐ๋ฐ˜ ํ…Œ์ŠคํŒ…ํ•˜๊ธฐ

security zap
CSS Transition ๊ธฐ๋ฐ˜์˜ ontransitionend XSS
1 min read

CSS Transition ๊ธฐ๋ฐ˜์˜ ontransitionend XSS

security
Metasploit ๋ฐ์ดํ„ฐ๋ฅผ Httpx๋กœ?
9 min read

Metasploit ๋ฐ์ดํ„ฐ๋ฅผ Httpx๋กœ?

security metasploit
ZAP HUNT Remix
2 min read

ZAP HUNT Remix

security zap
Context Technology๋กœ ZAP ์Šค์บ” ์†๋„ ์˜ฌ๋ฆฌ๊ธฐ
1 min read

Context Technology๋กœ ZAP ์Šค์บ” ์†๋„ ์˜ฌ๋ฆฌ๊ธฐ

security zap
Permissions-Policy ํ—ค๋”๋กœ ์กฐ๊ธˆ ๋” ์•ˆ์ „ํ•˜๊ฒŒ Browser API ์‚ฌ์šฉํ•˜๊ธฐ
2 min read

Permissions-Policy ํ—ค๋”๋กœ ์กฐ๊ธˆ ๋” ์•ˆ์ „ํ•˜๊ฒŒ Browser API ์‚ฌ์šฉํ•˜๊ธฐ

security develop
Spring4Shell RCE ์ทจ์•ฝ์  (CVE-2022-22965)
3 min read

Spring4Shell RCE ์ทจ์•ฝ์  (CVE-2022-22965)

security
ZAP Structural Modifier
3 min read

ZAP Structural Modifier

security zap
Ajax Spidering ์‹œ ๋ธŒ๋ผ์šฐ์ € ์—”์ง„ ๋ณ„ ์„ฑ๋Šฅ ๋น„๊ต ๐Ÿ
5 min read

Ajax Spidering ์‹œ ๋ธŒ๋ผ์šฐ์ € ์—”์ง„ ๋ณ„ ์„ฑ๋Šฅ ๋น„๊ต ๐Ÿ

security zap
Security Crawl Maze์™€ ZAP
2 min read

Security Crawl Maze์™€ ZAP

security zap
MyEnv := ZAP+Proxify+Burp
4 min read

MyEnv := ZAP+Proxify+Burp

security zap
XSS Weakness(JSON XSS) to Valid XSS
4 min read

XSS Weakness(JSON XSS) to Valid XSS

security
Bye๐Ÿ‘‹๐Ÿผ XSS Auditor (X-XSS-Protection)
1 min read

Bye๐Ÿ‘‹๐Ÿผ XSS Auditor (X-XSS-Protection)

security
HAR(HTTP Archive format) ํฌ๋งท๊ณผ ์•ž์œผ๋กœ์˜ ๊ฐœ๋ฐœ ๊ณ„ํš
1 min read

HAR(HTTP Archive format) ํฌ๋งท๊ณผ ์•ž์œผ๋กœ์˜ ๊ฐœ๋ฐœ ๊ณ„ํš

security develop
System Hardening์„ ํ”ผํ•ด RCE๋ฅผ ํƒ์ง€ํ•˜๊ธฐ ์œ„ํ•œ OOB ๋ฐฉ๋ฒ•๋“ค
6 min read

System Hardening์„ ํ”ผํ•ด RCE๋ฅผ ํƒ์ง€ํ•˜๊ธฐ ์œ„ํ•œ OOB ๋ฐฉ๋ฒ•๋“ค

security zap
Data URI(data:) XSS v2
2 min read

Data URI(data:) XSS v2

security
URL: prefix๋ฅผ ์ด์šฉํ•˜์—ฌ Deny-list ๊ธฐ๋ฐ˜ Protocol ๊ฒ€์ฆ ์šฐํšŒํ•˜๊ธฐ
3 min read

URL: prefix๋ฅผ ์ด์šฉํ•˜์—ฌ Deny-list ๊ธฐ๋ฐ˜ Protocol ๊ฒ€์ฆ ์šฐํšŒํ•˜๊ธฐ

security
Sequential Import Chaining์„ ์ด์šฉํ•œ CSS ๊ธฐ๋ฐ˜ ๋ฐ์ดํ„ฐ ํƒˆ์ทจ
3 min read

Sequential Import Chaining์„ ์ด์šฉํ•œ CSS ๊ธฐ๋ฐ˜ ๋ฐ์ดํ„ฐ ํƒˆ์ทจ

security
Attack Surface Detector๋ฅผ ์ด์šฉํ•ด ์†Œ์Šค์ฝ”๋“œ์—์„œ Endpoint ์ฐพ๊ธฐ
1 min read

Attack Surface Detector๋ฅผ ์ด์šฉํ•ด ์†Œ์Šค์ฝ”๋“œ์—์„œ Endpoint ์ฐพ๊ธฐ

security zap
๊ณง Chrome์—์„œ document.domain์„ ์„ค์ •ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค โš ๏ธ
1 min read

๊ณง Chrome์—์„œ document.domain์„ ์„ค์ •ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค โš ๏ธ

security develop
ZAP์˜ ์ƒˆ๋กœ์šด Networking Stack
2 min read

ZAP์˜ ์ƒˆ๋กœ์šด Networking Stack

security zap
Custom Payloads๋กœ ZAP ์Šค์บ๋‹ ๊ฐ•ํ™” ๐Ÿš€
4 min read

Custom Payloads๋กœ ZAP ์Šค์บ๋‹ ๊ฐ•ํ™” ๐Ÿš€

security zap
Paragraph Separator(U+2029) XSS
1 min read

Paragraph Separator(U+2029) XSS

security
๊ฐœ๋ฐœ์ž๋งŒ? ์•„๋‹ˆ ์šฐ๋ฆฌ๋„ ์Šคํฌ๋ž˜์น˜ ํŒจ๋“œ ํ•„์š”ํ•ด! Boop!
1 min read

๊ฐœ๋ฐœ์ž๋งŒ? ์•„๋‹ˆ ์šฐ๋ฆฌ๋„ ์Šคํฌ๋ž˜์น˜ ํŒจ๋“œ ํ•„์š”ํ•ด! Boop!

security develop
[Cullinan #26] Add XXE (XML External Entity)
1 min read

[Cullinan #26] Add XXE (XML External Entity)

security cullinan
ZAP vs Burpsuite in my mind at 2022
5 min read

ZAP vs Burpsuite in my mind at 2022

security zap
Authz0 v1.1 Released ๐ŸŽ‰
1 min read

Authz0 v1.1 Released ๐ŸŽ‰

security
Chrome์—์„  ์ด์ œ open ์†์„ฑ์—†์ด <details> XSS๊ฐ€ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค.
1 min read

Chrome์—์„  ์ด์ œ open ์†์„ฑ์—†์ด
XSS๊ฐ€ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค.

security
์•ˆ๋…• Authz0, Authorization ํ…Œ์ŠคํŠธ๋ฅผ ์œ„ํ•œ ์ƒˆ๋กœ์šด ๋„๊ตฌ ๐Ÿš€
4 min read

์•ˆ๋…• Authz0, Authorization ํ…Œ์ŠคํŠธ๋ฅผ ์œ„ํ•œ ์ƒˆ๋กœ์šด ๋„๊ตฌ ๐Ÿš€

security
Zest์™€ ZAP! ๊ฐ•๋ ฅํ•œ ๋ณด์•ˆ ํ…Œ์ŠคํŠธ ๋ฃจํ‹ด์„ ๋งŒ๋“ค์–ด๋ด์š” โšก๏ธ
6 min read

Zest์™€ ZAP! ๊ฐ•๋ ฅํ•œ ๋ณด์•ˆ ํ…Œ์ŠคํŠธ ๋ฃจํ‹ด์„ ๋งŒ๋“ค์–ด๋ด์š” โšก๏ธ

security zap
[Cullinan #25] ์•ž์œผ๋กœ์˜ ๊ณ„ํš
1 min read

[Cullinan #25] ์•ž์œผ๋กœ์˜ ๊ณ„ํš

security cullinan
๋‚˜์˜ ๋ฉ”์ธ Weapon ์ด์•ผ๊ธฐ โš”๏ธ (ZAP and Proxify)
2 min read

๋‚˜์˜ ๋ฉ”์ธ Weapon ์ด์•ผ๊ธฐ โš”๏ธ (ZAP and Proxify)

security zap
Log4 2.17 JDBCAppender RCE(CVE-2021-44832)
1 min read

Log4 2.17 JDBCAppender RCE(CVE-2021-44832)

security
ZAP์˜ ์ƒˆ๋กœ์šด Import/Export Addon, ๊ทธ๋ฆฌ๊ณ  ๋ฏธ๋ž˜์— ๋Œ€ํ•œ ๋‡Œํ”ผ์…œ
1 min read

ZAP์˜ ์ƒˆ๋กœ์šด Import/Export Addon, ๊ทธ๋ฆฌ๊ณ  ๋ฏธ๋ž˜์— ๋Œ€ํ•œ ๋‡Œํ”ผ์…œ

security zap
Web Cache ์ทจ์•ฝ์ ๋“ค์„ ์Šค์บ๋‹ํ•˜์ž ๐Ÿ”ญ
3 min read

Web Cache ์ทจ์•ฝ์ ๋“ค์„ ์Šค์บ๋‹ํ•˜์ž ๐Ÿ”ญ

security
Dalfox 2.7 Released ๐ŸŽ‰
4 min read

Dalfox 2.7 Released ๐ŸŽ‰

security
ZAP๊ณผ Burpsuite์—์„œ feedback ์ •๋ณด๋ฅผ ์ˆ˜์ง‘ํ•˜์ง€ ๋ชปํ•˜๋„๋ก ์ œํ•œํ•˜๊ธฐ
2 min read

ZAP๊ณผ Burpsuite์—์„œ feedback ์ •๋ณด๋ฅผ ์ˆ˜์ง‘ํ•˜์ง€ ๋ชปํ•˜๋„๋ก ์ œํ•œํ•˜๊ธฐ

security zap
[Cullinan #24] Add ESI Injection and Update Others
1 min read

[Cullinan #24] Add ESI Injection and Update Others

security cullinan
Private OOB ํ…Œ์ŠคํŒ…์„ ์œ„ํ•œ Self Hosted Interactsh
6 min read

Private OOB ํ…Œ์ŠคํŒ…์„ ์œ„ํ•œ Self Hosted Interactsh

security
Log4shell ์ „ ์„ธ๊ณ„์˜ ์ธํ„ฐ๋„ท์ด ๋ถˆํƒ€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค ๐Ÿ”ฅ (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)
5 min read

Log4shell ์ „ ์„ธ๊ณ„์˜ ์ธํ„ฐ๋„ท์ด ๋ถˆํƒ€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค ๐Ÿ”ฅ (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)

security zap
์›น ํ•ด์ปค๋ฅผ ์œ„ํ•œ Browser Addons
2 min read

์›น ํ•ด์ปค๋ฅผ ์œ„ํ•œ Browser Addons

security
ZAP RootCA๋ฅผ API์™€ Cli-Arguments๋กœ ์ œ์–ดํ•˜๊ธฐ
3 min read

ZAP RootCA๋ฅผ API์™€ Cli-Arguments๋กœ ์ œ์–ดํ•˜๊ธฐ

security zap
DOM XSS? ๊ทธ๋ ‡๋‹ค๋ฉด Eval Villain
3 min read

DOM XSS? ๊ทธ๋ ‡๋‹ค๋ฉด Eval Villain

security zap
ZAP Browser์—์„œ Extension ์˜๊ตฌ ์ ์šฉํ•˜๊ธฐ
2 min read

ZAP Browser์—์„œ Extension ์˜๊ตฌ ์ ์šฉํ•˜๊ธฐ

security zap
ZAP ์Šคํฌ๋ฆฝํŒ…์œผ๋กœ ๋น ๋ฅด๊ฒŒ Fake response ๋งŒ๋“ค๊ธฐ
1 min read

ZAP ์Šคํฌ๋ฆฝํŒ…์œผ๋กœ ๋น ๋ฅด๊ฒŒ Fake response ๋งŒ๋“ค๊ธฐ

security zap
[Cullinan #23] Add SSTI, CSTI and update XSS
1 min read

[Cullinan #23] Add SSTI, CSTI and update XSS

security cullinan
[Cullinan #22] Add Cache Deception and Dependency Confusion
1 min read

[Cullinan #22] Add Cache Deception and Dependency Confusion

security cullinan
Dalfox 2.6 Released ๐ŸŽ‰
4 min read

Dalfox 2.6 Released ๐ŸŽ‰

security
Solving issue the POST scan in zap-cli not work
2 min read

Solving issue the POST scan in zap-cli not work

security zap
[Cullinan #21] Add RFD(Remote File Download)
1 min read

[Cullinan #21] Add RFD(Remote File Download)

security cullinan
[Cullinan #20] LDAP Injection, ClickJacking, Cache Poisoning ๊ทธ๋ฆฌ๊ณ  ๊ฐœ์„ ์‚ฌํ•ญ
1 min read

[Cullinan #20] LDAP Injection, ClickJacking, Cache Poisoning ๊ทธ๋ฆฌ๊ณ  ๊ฐœ์„ ์‚ฌํ•ญ

security cullinan
New technic of HTTP Request Smuggling (chunked extension)
2 min read

New technic of HTTP Request Smuggling (chunked extension)

security
[Cullinan #19] Add SQLi and Cookie Bomb
1 min read

[Cullinan #19] Add SQLi and Cookie Bomb

security cullinan
Amass + Scripting = ์ตœ๊ณ ์˜ ์„œ๋ธŒ๋„๋ฉ”์ธ ํƒ์ƒ‰
8 min read

Amass + Scripting = ์ตœ๊ณ ์˜ ์„œ๋ธŒ๋„๋ฉ”์ธ ํƒ์ƒ‰

security
ZAP 2.11์ด ๋ฆด๋ฆฌ์ฆˆ๋˜์—ˆ์Šต๋‹ˆ๋‹ค! ๋น ๋ฅด๊ฒŒ ๋ฆฌ๋ทฐํ•˜์ฃ  โšก๏ธ
2 min read

ZAP 2.11์ด ๋ฆด๋ฆฌ์ฆˆ๋˜์—ˆ์Šต๋‹ˆ๋‹ค! ๋น ๋ฅด๊ฒŒ ๋ฆฌ๋ทฐํ•˜์ฃ  โšก๏ธ

security zap
403 forbidden์„ ์šฐํšŒํ•˜๋Š” 4๊ฐ€์ง€ ๋ฐฉ๋ฒ•๋“ค
3 min read

403 forbidden์„ ์šฐํšŒํ•˜๋Š” 4๊ฐ€์ง€ ๋ฐฉ๋ฒ•๋“ค

security
Cullinan 18 XST and DOM Clobbering
1 min read

Cullinan 18 XST and DOM Clobbering

security cullinan
์ด์ œ Interact.sh ๊ฐ€ ZAP OAST์—์„œ ์ง€์›๋ฉ๋‹ˆ๋‹ค
1 min read

์ด์ œ Interact.sh ๊ฐ€ ZAP OAST์—์„œ ์ง€์›๋ฉ๋‹ˆ๋‹ค

security zap
ZAP update domains (core and addon)
1 min read

ZAP update domains (core and addon)

security zap
[Cullinan #17] JWT ์ถ”๊ฐ€ ๋ฐ CSRF ๋‚ด Bypass Method ์ถ”๊ฐ€
1 min read

[Cullinan #17] JWT ์ถ”๊ฐ€ ๋ฐ CSRF ๋‚ด Bypass Method ์ถ”๊ฐ€

security cullinan
ZAP 2.11 ๋ฏธ๋ฆฌ๋ณด๊ธฐ
2 min read

ZAP 2.11 ๋ฏธ๋ฆฌ๋ณด๊ธฐ

security zap
Dalfox 2.5 Released ๐Ÿš€
1 min read

Dalfox 2.5 Released ๐Ÿš€

security
[Cullinan #16] ZIP-Slip and HPP
1 min read

[Cullinan #16] ZIP-Slip and HPP

security cullinan
ZAP Script-base Authentication
8 min read

ZAP Script-base Authentication

security zap
ZAP์˜ fuzz-script๋ฅผ ์ด์šฉํ•ด Fuzzing ์Šคํ‚ฌ ์˜ฌ๋ฆฌ๊ธฐ
6 min read

ZAP์˜ fuzz-script๋ฅผ ์ด์šฉํ•ด Fuzzing ์Šคํ‚ฌ ์˜ฌ๋ฆฌ๊ธฐ

security zap
[Cullinan #15] Add Open Redirect and Command Injection
1 min read

[Cullinan #15] Add Open Redirect and Command Injection

security cullinan
OWASP TOP 10 2021 ๋ฆฌ๋ทฐ
4 min read

OWASP TOP 10 2021 ๋ฆฌ๋ทฐ

security
[Cullinan #14] Path Traversal and OWASP TOP 10 2021
1 min read

[Cullinan #14] Path Traversal and OWASP TOP 10 2021

security cullinan
Authentication Spidering in ZAP
3 min read

Authentication Spidering in ZAP

security zap
[Cullinan #13] Add CSV Injection and CRLF Injection
1 min read

[Cullinan #13] Add CSV Injection and CRLF Injection

security cullinan
Testing Access-Control with ZAP
4 min read

Testing Access-Control with ZAP

security zap
[Cullinan #12] Add JSON/JSONP Hijacking
1 min read

[Cullinan #12] Add JSON/JSONP Hijacking

security cullinan
ZAP์— ๊ณง ์ถ”๊ฐ€๋  FileUpload AddOn ์‚ดํŽด๋ณด๊ธฐ
2 min read

ZAP์— ๊ณง ์ถ”๊ฐ€๋  FileUpload AddOn ์‚ดํŽด๋ณด๊ธฐ

security zap
Cache Busting๊ณผ ๋ณด์•ˆ ํ…Œ์ŠคํŒ…
2 min read

Cache Busting๊ณผ ๋ณด์•ˆ ํ…Œ์ŠคํŒ…

security develop
Macos์—์„œ LISTEN ์ค‘์ธ ํฌํŠธ์™€ ํ”„๋กœ์„ธ์Šค ์‰ฝ๊ฒŒ ํ™•์ธํ•˜๊ธฐ
1 min read

Macos์—์„œ LISTEN ์ค‘์ธ ํฌํŠธ์™€ ํ”„๋กœ์„ธ์Šค ์‰ฝ๊ฒŒ ํ™•์ธํ•˜๊ธฐ

security
[Cullinan #11] Add CSRF and SSRF
1 min read

[Cullinan #11] Add CSRF and SSRF

security cullinan
ZAP Automation GUI
3 min read

ZAP Automation GUI

security zap
If you need test Out-of-band on ZAP? Use OAST!
5 min read

If you need test Out-of-band on ZAP? Use OAST!

security zap
ZAP OAST ๋ฆด๋ฆฌ์ฆˆ! ์ด์ œ ZAP์—์„œ Out-Of-Band๊ฐ€ ๋” ์‰ฌ์›Œ์ง‘๋‹ˆ๋‹ค ๐Ÿš€
5 min read

ZAP OAST ๋ฆด๋ฆฌ์ฆˆ! ์ด์ œ ZAP์—์„œ Out-Of-Band๊ฐ€ ๋” ์‰ฌ์›Œ์ง‘๋‹ˆ๋‹ค ๐Ÿš€

security zap
COOP์™€ Site Isolation, ์•Œ๊ณ  ์žˆ์–ด์•ผ ํ•  ๊ตฌ๊ธ€ ๋ณด์•ˆ ์ •์ฑ…์˜ ๋ณ€ํ™”
2 min read

COOP์™€ Site Isolation, ์•Œ๊ณ  ์žˆ์–ด์•ผ ํ•  ๊ตฌ๊ธ€ ๋ณด์•ˆ ์ •์ฑ…์˜ ๋ณ€ํ™”

security
[Faraday#2] Dispatcher๋ฅผ ์ด์šฉํ•œ Scanning CI
4 min read

[Faraday#2] Dispatcher๋ฅผ ์ด์šฉํ•œ Scanning CI

security
[Faraday#1] Penetration testing IDE!
5 min read

[Faraday#1] Penetration testing IDE!

security
ZAP OAST ๋ฏธ๋ฆฌ ๊ตฌ๊ฒฝํ•˜๊ธฐ (for OOB)
3 min read

ZAP OAST ๋ฏธ๋ฆฌ ๊ตฌ๊ฒฝํ•˜๊ธฐ (for OOB)

security zap
[Cullinan #10] Update contents and Added Cut Image
1 min read

[Cullinan #10] Update contents and Added Cut Image

security cullinan
[Cullinan #9] Added history of owasp top 10
1 min read

[Cullinan #9] Added history of owasp top 10

security cullinan
ZAP Plug-n-Hack์„ ์ด์šฉํ•œ DOM/PostMessage ๋ถ„์„
4 min read

ZAP Plug-n-Hack์„ ์ด์šฉํ•œ DOM/PostMessage ๋ถ„์„

security zap
Cross-origin iframe์—์„œ alert๊ณผ confirm, prompt ์‚ฌ์šฉ ๋ถˆ๊ฐ€
1 min read

Cross-origin iframe์—์„œ alert๊ณผ confirm, prompt ์‚ฌ์šฉ ๋ถˆ๊ฐ€

security
ZAP Scanning to Swagger Documents
1 min read

ZAP Scanning to Swagger Documents

security zap
Customize request/response panel in ZAP
2 min read

Customize request/response panel in ZAP

security zap
DOM Invader, BurpSuite์˜ DOM-XSS Testing ๋„๊ตฌ
7 min read

DOM Invader, BurpSuite์˜ DOM-XSS Testing ๋„๊ตฌ

security
ZAP Passive Scan Tags์™€ Neonmarker ๊ทธ๋ฆฌ๊ณ  Highlighter
2 min read

ZAP Passive Scan Tags์™€ Neonmarker ๊ทธ๋ฆฌ๊ณ  Highlighter

security zap
ZAP์˜ ์ƒˆ๋กœ์šด Report Add-on, 'Report Generation'
3 min read

ZAP์˜ ์ƒˆ๋กœ์šด Report Add-on, 'Report Generation'

security zap
PDF ์•”ํ˜ธํ™”์™€ User-password ๊ทธ๋ฆฌ๊ณ  Owner-password
3 min read

PDF ์•”ํ˜ธํ™”์™€ User-password ๊ทธ๋ฆฌ๊ณ  Owner-password

security
PDF ํŒŒ์ผ Password Crack
1 min read

PDF ํŒŒ์ผ Password Crack

security
ZAP Automation
4 min read

ZAP Automation

security zap
ZAP Token Generation and Analysis ์‚ดํŽด๋ณด๊ธฐ
1 min read

ZAP Token Generation and Analysis ์‚ดํŽด๋ณด๊ธฐ

security zap
Bypass host validation with Parameter Pollution
1 min read

Bypass host validation with Parameter Pollution

security
Options rule configuration in ZAP
2 min read

Options rule configuration in ZAP

security zap
Dalfox 2.4 release! review with me!
5 min read

Dalfox 2.4 release! review with me!

security
CSS Injection Bypassing Trick (with dashdash and var)
1 min read

CSS Injection Bypassing Trick (with dashdash and var)

security
[Cullinan #8] Update reverse tabnabbing (browser's patched)
1 min read

[Cullinan #8] Update reverse tabnabbing (browser's patched)

security cullinan
The reverse tabnabbing has weakened more
2 min read

The reverse tabnabbing has weakened more

security
Import remote JS in IMG tag. for bypass XSS
1 min read

Import remote JS in IMG tag. for bypass XSS

security
Secure JWT and Slinding Sessions
4 min read

Secure JWT and Slinding Sessions

security develop
OOB Testing with interactsh!
3 min read

OOB Testing with interactsh!

security
[Cullinan #7] Add terms of security page
1 min read

[Cullinan #7] Add terms of security page

security cullinan
Get webpage screenshot with gowitness for CICD
1 min read

Get webpage screenshot with gowitness for CICD

security
RCE with exposed k8s api
2 min read

RCE with exposed k8s api

security
[Cullinan #6] Add reverse tabnabbing
1 min read

[Cullinan #6] Add reverse tabnabbing

security cullinan
OpenData for bug-bounty
1 min read

OpenData for bug-bounty

security
ZAP context based scanning
1 min read

ZAP context based scanning

security zap
well-known ๋””๋ ‰ํ† ๋ฆฌ์™€ securty.txt ๊ทธ๋ฆฌ๊ณ  humans.txt
2 min read

well-known ๋””๋ ‰ํ† ๋ฆฌ์™€ securty.txt ๊ทธ๋ฆฌ๊ณ  humans.txt

security
How to set ZAP active scan input vector in daemon mode
1 min read

How to set ZAP active scan input vector in daemon mode

security zap
Make and change default scan policy in ZAP cli interface
2 min read

Make and change default scan policy in ZAP cli interface

security zap
ZAP Forced browse ์™€ Fuzz์—์„œ Sync wordlist ์‚ฌ์šฉํ•˜๊ธฐ
5 min read

ZAP Forced browse ์™€ Fuzz์—์„œ Sync wordlist ์‚ฌ์šฉํ•˜๊ธฐ

security zap
Openssl๋งŒ ์‚ฌ์šฉํ•˜์—ฌ ์›น ์‚ฌ์ดํŠธ์—์„œ ์ง€์›ํ•˜๋Š” SSL cipher suite ํŒŒ์•…ํ•˜๊ธฐ
3 min read

Openssl๋งŒ ์‚ฌ์šฉํ•˜์—ฌ ์›น ์‚ฌ์ดํŠธ์—์„œ ์ง€์›ํ•˜๋Š” SSL cipher suite ํŒŒ์•…ํ•˜๊ธฐ

security
Zest์™€ ZAP์„ ์ด์šฉํ•œ Semi-Automated Security Testing
5 min read

Zest์™€ ZAP์„ ์ด์šฉํ•œ Semi-Automated Security Testing

security zap
How to share other device settings in Axiom
2 min read

How to share other device settings in Axiom

security
[Cullinan #5] Smuggling 3์ข… ์ถ”๊ฐ€(http/ws/h2c)
1 min read

[Cullinan #5] Smuggling 3์ข… ์ถ”๊ฐ€(http/ws/h2c)

security cullinan
[Cullinan #4] Tool wiki ์ค‘ git, parallel ์ถ”๊ฐ€
1 min read

[Cullinan #4] Tool wiki ์ค‘ git, parallel ์ถ”๊ฐ€

security cullinan
[Cullinan #3] Added Axiom and Nmap Cheatsheet
1 min read

[Cullinan #3] Added Axiom and Nmap Cheatsheet

security cullinan
Autochrome - ๋น ๋ฅด๊ฒŒ ๋ณด์•ˆ ํ…Œ์ŠคํŠธ์šฉ ์›น ๋ธŒ๋ผ์šฐ์ € ํ™˜๊ฒฝ์„ ๊ตฌ์„ฑํ•˜์ž!
1 min read

Autochrome - ๋น ๋ฅด๊ฒŒ ๋ณด์•ˆ ํ…Œ์ŠคํŠธ์šฉ ์›น ๋ธŒ๋ผ์šฐ์ € ํ™˜๊ฒฝ์„ ๊ตฌ์„ฑํ•˜์ž!

security
[Cullinan #2] Added change log
1 min read

[Cullinan #2] Added change log

security cullinan
How to applying IntelliJ theme in ZAP
2 min read

How to applying IntelliJ theme in ZAP

security zap develop
Burp Customizer! Change your burpsuite theme
4 min read

Burp Customizer! Change your burpsuite theme

security
[Cullinan #1] ์ปฌ๋ฆฌ๋„Œ ํ”„๋กœ์ ํŠธ ์†Œ๊ฐœ
2 min read

[Cullinan #1] ์ปฌ๋ฆฌ๋„Œ ํ”„๋กœ์ ํŠธ ์†Œ๊ฐœ

security cullinan
Hack the browser extension ๐Ÿš€ (์›น ๋ธŒ๋ผ์šฐ์ € ํ™•์žฅ ๊ธฐ๋Šฅ ์ทจ์•ฝ์  ์ ๊ฒ€ํ•˜๊ธฐ)
8 min read

Hack the browser extension ๐Ÿš€ (์›น ๋ธŒ๋ผ์šฐ์ € ํ™•์žฅ ๊ธฐ๋Šฅ ์ทจ์•ฝ์  ์ ๊ฒ€ํ•˜๊ธฐ)

security
ToCToU๋ฅผ ์ด์šฉํ•œ ๊ฒ€์ฆ ๋กœ์ง ์šฐํšŒํ•˜๊ธฐ(SSRF/OOB/XXE/ETC)
2 min read

ToCToU๋ฅผ ์ด์šฉํ•œ ๊ฒ€์ฆ ๋กœ์ง ์šฐํšŒํ•˜๊ธฐ(SSRF/OOB/XXE/ETC)

security
Security considerations for browser extensions
6 min read

Security considerations for browser extensions

security
ZAP 2.10 Released ๐ŸŽ‰ Quick review
4 min read

ZAP 2.10 Released ๐ŸŽ‰ Quick review

security zap
Why I Use ZAP
6 min read

Why I Use ZAP

security zap
Make cloud base ZAP Scanning Environment Using github-action
2 min read

Make cloud base ZAP Scanning Environment Using github-action

security zap develop
Setup a Pentest environment with Axiom
4 min read

Setup a Pentest environment with Axiom

security
Docker scratch image from a Security perspective
2 min read

Docker scratch image from a Security perspective

security system
Building a ZAP Monitoring Environment (Grafana + InfluxDB + Statsd)
3 min read

Building a ZAP Monitoring Environment (Grafana + InfluxDB + Statsd)

security zap
Forcing HTTP Redirect XSS
3 min read

Forcing HTTP Redirect XSS

security
Amass, go deep in the sea with free APIs
8 min read

Amass, go deep in the sea with free APIs

security
์•จ๋ฆฌ์Šค(Alice)์™€ ๋ฐฅ(Bob) ๊ทธ๋ฆฌ๊ณ  ์บ๋กค(Carol), ์ด๋ฆ„์˜ ์˜๋ฏธ๋Š”?
2 min read

์•จ๋ฆฌ์Šค(Alice)์™€ ๋ฐฅ(Bob) ๊ทธ๋ฆฌ๊ณ  ์บ๋กค(Carol), ์ด๋ฆ„์˜ ์˜๋ฏธ๋Š”?

security
HTTP/2 H2C Smuggling
6 min read

HTTP/2 H2C Smuggling

security
Future of the WebHackersWaepons
2 min read

Future of the WebHackersWaepons

security
Scanning multiple targets in ZAP
2 min read

Scanning multiple targets in ZAP

security
CI for Automatic recon
4 min read

CI for Automatic recon

security
Docker images and running commands of vulnerable web
1 min read

Docker images and running commands of vulnerable web

security system
Transient events for XSS(sendBeacon?!)
1 min read

Transient events for XSS(sendBeacon?!)

security
How to add custom header in ZAP and zap-cli
4 min read

How to add custom header in ZAP and zap-cli

security zap develop
NMAP CheatSheet
3 min read

NMAP CheatSheet

security
Observe new subdomain (์ง€์†์ ์œผ๋กœ ์„œ๋ธŒ๋„๋ฉ”์ธ ๋ชจ๋‹ˆํ„ฐ๋งํ•˜๊ธฐ)
4 min read

Observe new subdomain (์ง€์†์ ์œผ๋กœ ์„œ๋ธŒ๋„๋ฉ”์ธ ๋ชจ๋‹ˆํ„ฐ๋งํ•˜๊ธฐ)

security
pet and hack-pet. managing command snippets for security testing
7 min read

pet and hack-pet. managing command snippets for security testing

security
One custom certificate, Using all tools and your devices (for bug bounty/pentesting)
7 min read

One custom certificate, Using all tools and your devices (for bug bounty/pentesting)

security zap
Bypassing string base XSS protection with Optional chaining
2 min read

Bypassing string base XSS protection with Optional chaining

security
E-mail ํฌ๋งท์„ ์ด์šฉํ•œ ์—ฌ๋Ÿฌ๊ฐ€์ง€ Exploiting ๊ธฐ๋ฒ•๋“ค
4 min read

E-mail ํฌ๋งท์„ ์ด์šฉํ•œ ์—ฌ๋Ÿฌ๊ฐ€์ง€ Exploiting ๊ธฐ๋ฒ•๋“ค

security
Setup bugbounty hunting env on termux :D
1 min read

Setup bugbounty hunting env on termux :D

security
Vulnerability of postMessage and postMesasge-tracker browser extension
4 min read

Vulnerability of postMessage and postMesasge-tracker browser extension

security
Find reflected parameter on ZAP for XSS!
1 min read

Find reflected parameter on ZAP for XSS!

security zap
How to use DalFox's Fun Options (if found notify , custom grepping)
8 min read

How to use DalFox's Fun Options (if found notify , custom grepping)

security
New my XSS scanning tool
4 min read

New my XSS scanning tool "DalFox" :D

security
How to import external spidering output to Burpsuite or ZAP
1 min read

How to import external spidering output to Burpsuite or ZAP

security zap
Recon using fzf and other tools. for bugbounty
5 min read

Recon using fzf and other tools. for bugbounty

security
Ways to XSS without parentheses
2 min read

Ways to XSS without parentheses

security
Find S3 bucket takeover , S3 Misconfiguration using pipelining(s3reverse/meg/gf/s3scanner)
2 min read

Find S3 bucket takeover , S3 Misconfiguration using pipelining(s3reverse/meg/gf/s3scanner)

security
Recon with waybackmachine. For BugBounty!
3 min read

Recon with waybackmachine. For BugBounty!

security
Using the Flat Darcula theme(dark mode) in ZAP!!
1 min read

Using the Flat Darcula theme(dark mode) in ZAP!!

security zap
Find testing point using tomnomnom's tool, for bugbounty!
4 min read

Find testing point using tomnomnom's tool, for bugbounty!

security
XSpear 1.4 Released! Find XSS! (Supported HTML report now!)
1 min read

XSpear 1.4 Released! Find XSS! (Supported HTML report now!)

security
First new XSS Payload of 2020(svg animate, onpointerrawupdate)
1 min read

First new XSS Payload of 2020(svg animate, onpointerrawupdate)

security
BurpSuite 2020.01 Release Review, Change HTTP Message Editor!
1 min read

BurpSuite 2020.01 Release Review, Change HTTP Message Editor!

security
Metasploit์˜ ๋ชฉ์†Œ๋ฆฌ๊ฐ€ ๊ถ๊ธˆํ•˜๋‹ค๋ฉด sounds ํ”Œ๋Ÿฌ๊ทธ์ธ!
1 min read

Metasploit์˜ ๋ชฉ์†Œ๋ฆฌ๊ฐ€ ๊ถ๊ธˆํ•˜๋‹ค๋ฉด sounds ํ”Œ๋Ÿฌ๊ทธ์ธ!

security metasploit
Metasploit์—์„œ Database connection์ด ์ž์ฃผ ๋Š๊ธด๋‹ค๋ฉด?
1 min read

Metasploit์—์„œ Database connection์ด ์ž์ฃผ ๋Š๊ธด๋‹ค๋ฉด?

security metasploit
Write Metasploit Module in Golang
5 min read

Write Metasploit Module in Golang

security develop metasploit go
How to find important information in github(with gitrob)
2 min read

How to find important information in github(with gitrob)

security
SameSite=Lax๊ฐ€ Default๋กœ? SameSite Cookie์— ๋Œ€ํ•ด ์ •ํ™•ํ•˜๊ฒŒ ์•Œ์•„๋ณด๊ธฐ
7 min read

SameSite=Lax๊ฐ€ Default๋กœ? SameSite Cookie์— ๋Œ€ํ•ด ์ •ํ™•ํ•˜๊ฒŒ ์•Œ์•„๋ณด๊ธฐ

security
JSON Hijacking, SOP Bypass Technic with Cache-Control
4 min read

JSON Hijacking, SOP Bypass Technic with Cache-Control

security
Stepper! Evolution repeater on Burp suite
1 min read

Stepper! Evolution repeater on Burp suite

security
XSpear 1.3 version released!
1 min read

XSpear 1.3 version released!

security
BurpSuite์—์„œ Request ์ •๋ณด๋ฅผ ํฌํ•จํ•˜์—ฌ CLI ์•ฑ ์‹คํ–‰ํ•˜๊ธฐ)
3 min read

BurpSuite์—์„œ Request ์ •๋ณด๋ฅผ ํฌํ•จํ•˜์—ฌ CLI ์•ฑ ์‹คํ–‰ํ•˜๊ธฐ)

security
Test with GoBuster! (Powerful bruteforcing tool of golang)
3 min read

Test with GoBuster! (Powerful bruteforcing tool of golang)

security
Burp Beautifier - Beautifying JSON/JS/HTML/XML In Burp Suite
1 min read

Burp Beautifier - Beautifying JSON/JS/HTML/XML In Burp Suite

security
Arachni scanner์—์„œ Webhook์œผ๋กœ Slack ์—ฐ๋™ํ•˜๊ธฐ(Send msg to slack when arachni scan is complete)
3 min read

Arachni scanner์—์„œ Webhook์œผ๋กœ Slack ์—ฐ๋™ํ•˜๊ธฐ(Send msg to slack when arachni scan is complete)

security
How to find End-point URL in Javascript with LinkFinder
2 min read

How to find End-point URL in Javascript with LinkFinder

security
Easy command for find iOS Application directory on Jailed Device
1 min read

Easy command for find iOS Application directory on Jailed Device

security
Two easy ways to get a list of scopes from a hackerone
1 min read

Two easy ways to get a list of scopes from a hackerone

security
Check logic vulnerability point using GET/HEAD in Ruby on Rails
4 min read

Check logic vulnerability point using GET/HEAD in Ruby on Rails

security develop ruby
How to diable detectportal.firefox.com in firefox(enemy of burpsuite)
1 min read

How to diable detectportal.firefox.com in firefox(enemy of burpsuite)

security
Burp suite using Tor network
1 min read

Burp suite using Tor network

security
Navigation with Embedded Browser on Burp suite 2.1.05(new releases)
1 min read

Navigation with Embedded Browser on Burp suite 2.1.05(new releases)

security
Upgrade self XSS to Exploitable XSS an 3 Ways Technic
4 min read

Upgrade self XSS to Exploitable XSS an 3 Ways Technic

security
์›น ์†Œ์ผ“์˜ ์ƒˆ๋กœ์šด ๊ณต๊ฒฉ ๊ธฐ๋ฒ•! WebSocket Connection Smuggling ๐Ÿ˜ˆ
3 min read

์›น ์†Œ์ผ“์˜ ์ƒˆ๋กœ์šด ๊ณต๊ฒฉ ๊ธฐ๋ฒ•! WebSocket Connection Smuggling ๐Ÿ˜ˆ

security
PHP7 UnderFlow RCE Vulnerabliity(CVE-2019-11043) ๊ฐ„๋‹จ ๋ถ„์„
6 min read

PHP7 UnderFlow RCE Vulnerabliity(CVE-2019-11043) ๊ฐ„๋‹จ ๋ถ„์„

security
CPDoS(Cache Poisoned Denial of Service) Attack for Korean
5 min read

CPDoS(Cache Poisoned Denial of Service) Attack for Korean

security
Find Subdomain Takeover with Amass + SubJack
1 min read

Find Subdomain Takeover with Amass + SubJack

security
jwt-cracker๋ฅผ ์ด์šฉํ•œ secret key crack
1 min read

jwt-cracker๋ฅผ ์ด์šฉํ•œ secret key crack

security
Bypass referer check logic for CSRF
3 min read

Bypass referer check logic for CSRF

security
New Technic of HTTP Desync Attack
1 min read

New Technic of HTTP Desync Attack

security
If you find powerful OXML XXE tool? it's
3 min read

If you find powerful OXML XXE tool? it's "DOCEM"

security
Normalized Stored XSS (\\xef\\xbc\\x9c => \\x3c)
1 min read

Normalized Stored XSS (\\xef\\xbc\\x9c => \\x3c)

security
Path Traversal pattern of ../
1 min read

Path Traversal pattern of ../

security
Bypass host validation Technique in Android (Common+Golden+MyThink)
3 min read

Bypass host validation Technique in Android (Common+Golden+MyThink)

security
OWASP Amass - DNS Enum/Network Mapping
1 min read

OWASP Amass - DNS Enum/Network Mapping

security
Burp collaborator ์ธ์ฆ์„œ ์—๋Ÿฌ ํ•ด๊ฒฐํ•˜๊ธฐ(certificate error solution)
1 min read

Burp collaborator ์ธ์ฆ์„œ ์—๋Ÿฌ ํ•ด๊ฒฐํ•˜๊ธฐ(certificate error solution)

security
Burp suite pro ๊ตฌ๋งค๊ธฐ(for korean, ๊ฐœ์ธ ์ฆ๋ช… ๊ด€๋ จ ๋ฌธ์ œ ์ฒ˜๋ฆฌ๋ฐฉ๋ฒ•?)
2 min read

Burp suite pro ๊ตฌ๋งค๊ธฐ(for korean, ๊ฐœ์ธ ์ฆ๋ช… ๊ด€๋ จ ๋ฌธ์ œ ์ฒ˜๋ฆฌ๋ฐฉ๋ฒ•?)

security
Bypass blank,slash filter for XSS
1 min read

Bypass blank,slash filter for XSS

security
HTTP Desync Attack ์— ๋Œ€ํ•ด ์•Œ์•„๋ณด์ž(HTTP Smuggling attack re-born, +My case)
8 min read

HTTP Desync Attack ์— ๋Œ€ํ•ด ์•Œ์•„๋ณด์ž(HTTP Smuggling attack re-born, +My case)

security
onload*(start/end) event handler XSS(Any browser)
1 min read

onload*(start/end) event handler XSS(Any browser)

security
onpoint* XSS Payload for bypass blacklist base event-handler xss filter
2 min read

onpoint* XSS Payload for bypass blacklist base event-handler xss filter

security
JSONP Hijacking
3 min read

JSONP Hijacking

security
Event handler for mobile used in XSS (ontouch*)
1 min read

Event handler for mobile used in XSS (ontouch*)

security
HTTP Request(ZAP, Burp) Parsing on Ruby code
2 min read

HTTP Request(ZAP, Burp) Parsing on Ruby code

security zap develop ruby
XSS payload for escaping the string in JavaScript
1 min read

XSS payload for escaping the string in JavaScript

security
ZAP Send to Any tools(+Send to Burp Scanner)
1 min read

ZAP Send to Any tools(+Send to Burp Scanner)

security zap
How to use SDCard directory in Termux(not rooted)
1 min read

How to use SDCard directory in Termux(not rooted)

security
Run other application in ZAP ๐ŸŽฏ
2 min read

Run other application in ZAP ๐ŸŽฏ

security zap
OAuth ๊ณผ์ •์—์„œ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋Š” ์žฌ๋ฏธ์žˆ๋Š” ์ธ์ฆํ† ํฐ ํƒˆ์ทจ ์ทจ์•ฝ์ (Chained Bugs to Leak Oauth Token) Review
2 min read

OAuth ๊ณผ์ •์—์„œ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋Š” ์žฌ๋ฏธ์žˆ๋Š” ์ธ์ฆํ† ํฐ ํƒˆ์ทจ ์ทจ์•ฝ์ (Chained Bugs to Leak Oauth Token) Review

security
XSS Payload without Anything
1 min read

XSS Payload without Anything

security
GraphQLmap - testing graphql endpoint for pentesting & bugbounty
4 min read

GraphQLmap - testing graphql endpoint for pentesting & bugbounty

security
Ruby on Rails Double-Tap ์ทจ์•ฝ์ (CVE-2019-5418, CVE-2019-5420)
5 min read

Ruby on Rails Double-Tap ์ทจ์•ฝ์ (CVE-2019-5418, CVE-2019-5420)

security develop ruby
ZAP์—์„œ Request/Respsponse ๊น”๋”ํ•˜๊ฒŒ ๋ณด๊ธฐ
1 min read

ZAP์—์„œ Request/Respsponse ๊น”๋”ํ•˜๊ฒŒ ๋ณด๊ธฐ

security zap
Finding in-page scripts & map files with javascript (very simple..)
1 min read

Finding in-page scripts & map files with javascript (very simple..)

security develop
Tap n Ghost Attack(ํƒญ ์•ค ๊ณ ์ŠคํŠธ) - ์ƒˆ๋กœ์šด ๋ฌผ๋ฆฌ์ (?) ํ•ดํ‚น ๊ณต๊ฒฉ ๋ฒกํ„ฐ
2 min read

Tap n Ghost Attack(ํƒญ ์•ค ๊ณ ์ŠคํŠธ) - ์ƒˆ๋กœ์šด ๋ฌผ๋ฆฌ์ (?) ํ•ดํ‚น ๊ณต๊ฒฉ ๋ฒกํ„ฐ

security
OWASP ZAP 2.8 Releases! ๋น ๋ฅด๊ฒŒ ๋ฆฌ๋ทฐํ•˜๊ธฐ (what's different?)
1 min read

OWASP ZAP 2.8 Releases! ๋น ๋ฅด๊ฒŒ ๋ฆฌ๋ทฐํ•˜๊ธฐ (what's different?)

security zap
Frequently used frida scripts and others..
2 min read

Frequently used frida scripts and others..

security
How to fuzzing with regex on ZAP Fuzzer
2 min read

How to fuzzing with regex on ZAP Fuzzer

security zap
ZAP์—์„œ ์ •๊ทœํ‘œํ˜„์‹์„ ์ด์šฉํ•˜์—ฌ ์›น ํผ์ง•ํ•˜๊ธฐ
2 min read

ZAP์—์„œ ์ •๊ทœํ‘œํ˜„์‹์„ ์ด์šฉํ•˜์—ฌ ์›น ํผ์ง•ํ•˜๊ธฐ

security zap
Four XSS Payloads - Bypass the tag base protection
2 min read

Four XSS Payloads - Bypass the tag base protection

security
์นจํˆฌํ…Œ์ŠคํŠธ ์•ฝ๊ฐ„ ์œ ์šฉํ•œ nmap NSE ์Šคํฌ๋ฆฝํŠธ 4๊ฐ€์ง€
4 min read

์นจํˆฌํ…Œ์ŠคํŠธ ์•ฝ๊ฐ„ ์œ ์šฉํ•œ nmap NSE ์Šคํฌ๋ฆฝํŠธ 4๊ฐ€์ง€

security
Four nmap NSE scripts for penetration testing.
4 min read

Four nmap NSE scripts for penetration testing.

security
AutoSource - Automated Source Code Review Framework Integrated With SonarQube
1 min read

AutoSource - Automated Source Code Review Framework Integrated With SonarQube

security
CVE-2019-11358๋ฅผ ํ†ตํ•ด Prototype Pollution์„ ์•Œ์•„๋ณด์ž
4 min read

CVE-2019-11358๋ฅผ ํ†ตํ•ด Prototype Pollution์„ ์•Œ์•„๋ณด์ž

security
Testing command(curl, wget, portscan, ssh) with Powershell
1 min read

Testing command(curl, wget, portscan, ssh) with Powershell

security system
How to protect iframe XSS&XFS using sandbox attribute(+CSP)
1 min read

How to protect iframe XSS&XFS using sandbox attribute(+CSP)

security
ZAP(Zed Attack Proxy)์˜ 4๊ฐ€์ง€ ๋ชจ๋“œ(Four modes of ZAP)
1 min read

ZAP(Zed Attack Proxy)์˜ 4๊ฐ€์ง€ ๋ชจ๋“œ(Four modes of ZAP)

security zap
Jailbreak iOS Cydia ๋‚ด ์„ค์น˜/์—…๋ฐ์ดํŠธ ์‹œ gzip:iphoneos-arm ์—๋Ÿฌ ํ•ด๊ฒฐ๋ฐฉ๋ฒ•
1 min read

Jailbreak iOS Cydia ๋‚ด ์„ค์น˜/์—…๋ฐ์ดํŠธ ์‹œ gzip:iphoneos-arm ์—๋Ÿฌ ํ•ด๊ฒฐ๋ฐฉ๋ฒ•

security
Bypass XSS Protection with xmp/noscript/noframes/iframe
21 min read

Bypass XSS Protection with xmp/noscript/noframes/iframe

security
Metasploit์—์„œ ์ปค์Šคํ…€ ๋ฐฐ๋„ˆ ๋งŒ๋“ค๊ธฐ
1 min read

Metasploit์—์„œ ์ปค์Šคํ…€ ๋ฐฐ๋„ˆ ๋งŒ๋“ค๊ธฐ

security metasploit develop
Access-Control-Allow-Origin๊ฐ€ wildcard(*)์ผ ๋•Œ ์™œ ์ธ์ฆ ์ •๋ณด๋ฅผ ํฌํ•จํ•œ ์š”์ฒญ์€ ์‹คํŒจํ•˜๋Š”๊ฐ€ ๐Ÿ˜ซ
2 min read

Access-Control-Allow-Origin๊ฐ€ wildcard(*)์ผ ๋•Œ ์™œ ์ธ์ฆ ์ •๋ณด๋ฅผ ํฌํ•จํ•œ ์š”์ฒญ์€ ์‹คํŒจํ•˜๋Š”๊ฐ€ ๐Ÿ˜ซ

security
robots.txt์— ๋Œ€ํ•ด ์ œ๋Œ€๋กœ ์•Œ์•„๋ณด์ž. (What is robots.txt?)
2 min read

robots.txt์— ๋Œ€ํ•ด ์ œ๋Œ€๋กœ ์•Œ์•„๋ณด์ž. (What is robots.txt?)

security
MacOS์—์„œ Proxy ์„ค์ •ํ•˜๊ธฐ(for ZAP, BurpSuite)
1 min read

MacOS์—์„œ Proxy ์„ค์ •ํ•˜๊ธฐ(for ZAP, BurpSuite)

security zap system
ffmpeg๋ฅผ ์ด์šฉํ•œ mp3 ํŒŒ์ผ metadata ์ˆ˜์ •ํ•˜๊ธฐ(Edit metadata in mp3 using ffmpeg)
2 min read

ffmpeg๋ฅผ ์ด์šฉํ•œ mp3 ํŒŒ์ผ metadata ์ˆ˜์ •ํ•˜๊ธฐ(Edit metadata in mp3 using ffmpeg)

security
๐Ÿฆ Brave Browser = ๋ณด์•ˆ + ์†๋„ + ์ƒˆ๋กœ์šด ์‹œ๋„
2 min read

๐Ÿฆ Brave Browser = ๋ณด์•ˆ + ์†๋„ + ์ƒˆ๋กœ์šด ์‹œ๋„

security
๋Š๋ฆฐ ZAP์„ ๋น ๋ฅด๊ฒŒ ๋งŒ๋“ค์ž! Zed Attack Proxy ์ตœ์ ํ™”ํ•˜๊ธฐ
1 min read

๋Š๋ฆฐ ZAP์„ ๋น ๋ฅด๊ฒŒ ๋งŒ๋“ค์ž! Zed Attack Proxy ์ตœ์ ํ™”ํ•˜๊ธฐ

security zap
Metasploit-framework install & Setting on MacOS
1 min read

Metasploit-framework install & Setting on MacOS

security metasploit
Bypass domain check protection with data: for XSS
1 min read

Bypass domain check protection with data: for XSS

security
XSStrike geckodriver no such file error ํ•ด๊ฒฐํ•˜๊ธฐ
1 min read

XSStrike geckodriver no such file error ํ•ด๊ฒฐํ•˜๊ธฐ

security
File content Disclosure & DOS Vulnerability in Action View of Ruby on Rails(CVE-2019-5418,CVE-2019-5419)
2 min read

File content Disclosure & DOS Vulnerability in Action View of Ruby on Rails(CVE-2019-5418,CVE-2019-5419)

security
Kage(GUI Base Metasploit Session Handler) Review
2 min read

Kage(GUI Base Metasploit Session Handler) Review

security
iOS App์—์„œ HTTP ํ†ต์‹  ํ—ˆ์šฉํ•˜๊ธฐ(+App Trasport Security๋ž€?)
1 min read

iOS App์—์„œ HTTP ํ†ต์‹  ํ—ˆ์šฉํ•˜๊ธฐ(+App Trasport Security๋ž€?)

security develop
Javascript Entity XSS์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ(oldโ€ฆstyleโ€ฆnot working)
2 min read

Javascript Entity XSS์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ(oldโ€ฆstyleโ€ฆnot working)

security
XSS with style tag and onload event handler
1 min read

XSS with style tag and onload event handler

security
Automation exploit with mad-metasploit (db_autopwn module)
4 min read

Automation exploit with mad-metasploit (db_autopwn module)

security metasploit
postMessage XSS on HackerOne(by adac95) Review
2 min read

postMessage XSS on HackerOne(by adac95) Review

security
Bypass SSRF Protection using HTTP Redirect
2 min read

Bypass SSRF Protection using HTTP Redirect

security
Compiler Bomb for Hacking and Security Testing
2 min read

Compiler Bomb for Hacking and Security Testing

security
DOMAIN CNAME๊ณผ A Record๋ฅผ ์ด์šฉํ•˜์—ฌ SSRF ์šฐํšŒํ•˜๊ธฐ
1 min read

DOMAIN CNAME๊ณผ A Record๋ฅผ ์ด์šฉํ•˜์—ฌ SSRF ์šฐํšŒํ•˜๊ธฐ

security
ZAP๊ณผ BurpSuite์—์„œ์˜
1 min read

ZAP๊ณผ BurpSuite์—์„œ์˜ "handshake alert: unrecognized_name" ์—๋Ÿฌ ํ•ด๊ฒฐํ•˜๊ธฐ

security zap
Custom Scheme API Path Tampering๊ณผ ํŠธ๋ฆญ์„ ์ด์šฉํ•œ API Method ๋ณ€์กฐ
3 min read

Custom Scheme API Path Tampering๊ณผ ํŠธ๋ฆญ์„ ์ด์šฉํ•œ API Method ๋ณ€์กฐ

security
Jenkins RCE Vulnerability via NodeJS(using metasploit module)
4 min read

Jenkins RCE Vulnerability via NodeJS(using metasploit module)

security
MIME Types of script tag (for XSS)
2 min read

MIME Types of script tag (for XSS)

security
ClusterFuzz - scalable fuzzing infrastructure(On Google)
3 min read

ClusterFuzz - scalable fuzzing infrastructure(On Google)

security
๊ผญ ๋ด์•ผํ•  Metasploit ์ฝ˜ํ…์ธ  4๊ฐ€์ง€
1 min read

๊ผญ ๋ด์•ผํ•  Metasploit ์ฝ˜ํ…์ธ  4๊ฐ€์ง€

security metasploit
CSP(Content-Security-Policy) Bypass technique
7 min read

CSP(Content-Security-Policy) Bypass technique

security
APT package manager RCE(Bypass file signatures via CRLF Injection / CVE-2019-3462)
3 min read

APT package manager RCE(Bypass file signatures via CRLF Injection / CVE-2019-3462)

security
PHP Hidden webshell with carriage return(\r, hack trick)
1 min read

PHP Hidden webshell with carriage return(\r, hack trick)

security
Metasploit-framework 5.0 Review
2 min read

Metasploit-framework 5.0 Review

security metasploit
Hashicorp Consul - RCE via Rexec (Metasploit modules)
2 min read

Hashicorp Consul - RCE via Rexec (Metasploit modules)

security
PocSuite - PoC ์ฝ”๋“œ ํ…Œ์ŠคํŒ…์„ ์ฒด๊ณ„์ ์œผ๋กœ ์‰ฝ๊ฒŒ ํ•˜์ž!
7 min read

PocSuite - PoC ์ฝ”๋“œ ํ…Œ์ŠคํŒ…์„ ์ฒด๊ณ„์ ์œผ๋กœ ์‰ฝ๊ฒŒ ํ•˜์ž!

security
wget stores a file's origin URL vulnerability (CVE-2018-20483)
2 min read

wget stores a file's origin URL vulnerability (CVE-2018-20483)

security
Web Cache Poisoning Attack, ๋‹ค์‹œ ์žฌ์กฐ๋ช… ๋ฐ›๋‹ค(with Header base XSS)
4 min read

Web Cache Poisoning Attack, ๋‹ค์‹œ ์žฌ์กฐ๋ช… ๋ฐ›๋‹ค(with Header base XSS)

security
ZAP Add-on before/from-version ๋ณ€๊ฒฝํ•˜์—ฌ ์„ค์น˜ํ•˜๊ธฐ(์ตœ์†Œ ์ง€์›๋ฒ„์ „์œผ๋กœ ์„ค์น˜ ๋ถˆ๊ฐ€ํ•œ ๊ฒฝ์šฐ)
1 min read

ZAP Add-on before/from-version ๋ณ€๊ฒฝํ•˜์—ฌ ์„ค์น˜ํ•˜๊ธฐ(์ตœ์†Œ ์ง€์›๋ฒ„์ „์œผ๋กœ ์„ค์น˜ ๋ถˆ๊ฐ€ํ•œ ๊ฒฝ์šฐ)

security zap
ZAP Java ๋ฒ„์ „ ๋ฐ”๊ฟ”์น˜๊ธฐ(Change Java version for fixed ssl error on ZAP)
1 min read

ZAP Java ๋ฒ„์ „ ๋ฐ”๊ฟ”์น˜๊ธฐ(Change Java version for fixed ssl error on ZAP)

security zap develop
OWASP ZAP์˜ New interface! ZAP HUD ๐Ÿฅฝ
2 min read

OWASP ZAP์˜ New interface! ZAP HUD ๐Ÿฅฝ

security zap
Wordpress Post Type์„ ์ด์šฉํ•œ Privilege Escalation ์ทจ์•ฝ์ (<= wordpress 5.0.0)
3 min read

Wordpress Post Type์„ ์ด์šฉํ•œ Privilege Escalation ์ทจ์•ฝ์ (<= wordpress 5.0.0)

security
JSShell - interactive multi-user web based javascript shell
1 min read

JSShell - interactive multi-user web based javascript shell

security
MacOS, iOS(iPhone, iPad) Devices ์—์„œ์˜ ๋ฉ”๋ชจ๋ฆฌ ๋ณ€์กฐ
2 min read

MacOS, iOS(iPhone, iPad) Devices ์—์„œ์˜ ๋ฉ”๋ชจ๋ฆฌ ๋ณ€์กฐ

security
Needle - iOS Application and Device ํ•ดํ‚น/๋ณด์•ˆ ๋ถ„์„ ํ”„๋ ˆ์ž„์›Œํฌ
6 min read

Needle - iOS Application and Device ํ•ดํ‚น/๋ณด์•ˆ ๋ถ„์„ ํ”„๋ ˆ์ž„์›Œํฌ

security
Windcard(*) Attack on linux (์™€์ผ๋“œ ์นด๋“œ๋ฅผ ์ด์šฉํ•œ ๊ณต๊ฒฉ)
2 min read

Windcard(*) Attack on linux (์™€์ผ๋“œ ์นด๋“œ๋ฅผ ์ด์šฉํ•œ ๊ณต๊ฒฉ)

security system
iOS 11.3(iPad mini2 ) Jailbraek with Electra(non-developer accouts)
1 min read

iOS 11.3(iPad mini2 ) Jailbraek with Electra(non-developer accouts)

security
iOS์—์„œ Proxy ์‚ฌ์šฉ ์ค‘ Burp/ZAProxy CA ๋„ฃ์–ด๋„ ์‹ ๋ขฐํ•  ์ˆ˜ ์—†๋Š” ์‚ฌ์ดํŠธ ๋ฐœ์ƒ ์‹œ ํ•ด๊ฒฐ๋ฐฉ๋ฒ•
1 min read

iOS์—์„œ Proxy ์‚ฌ์šฉ ์ค‘ Burp/ZAProxy CA ๋„ฃ์–ด๋„ ์‹ ๋ขฐํ•  ์ˆ˜ ์—†๋Š” ์‚ฌ์ดํŠธ ๋ฐœ์ƒ ์‹œ ํ•ด๊ฒฐ๋ฐฉ๋ฒ•

security
WAF Bypass XSS Payload Only Hangul(ํ•œ๊ธ€๋งŒ ์ด์šฉํ•ด์„œ XSS ํŽ˜์ด๋กœ๋“œ ๋งŒ๋“ค๊ธฐ)
2 min read

WAF Bypass XSS Payload Only Hangul(ํ•œ๊ธ€๋งŒ ์ด์šฉํ•ด์„œ XSS ํŽ˜์ด๋กœ๋“œ ๋งŒ๋“ค๊ธฐ)

security
ZAP Scripting์œผ๋กœ Custom Header
1 min read

ZAP Scripting์œผ๋กœ Custom Header

security zap
๋น„๋ฃจํŒ…/๋น„ํƒˆ์˜ฅ ๋‹จ๋ง์—์„œ ํ”„๋ฆฌ๋‹ค ์‚ฌ์šฉํ•˜๊ธฐ (Frida Inject DL for no-jail, no-root)
3 min read

๋น„๋ฃจํŒ…/๋น„ํƒˆ์˜ฅ ๋‹จ๋ง์—์„œ ํ”„๋ฆฌ๋‹ค ์‚ฌ์šฉํ•˜๊ธฐ (Frida Inject DL for no-jail, no-root)

security
iOS App MinimumOSVersion ์šฐํšŒํ•˜๊ธฐ (๊ฐ•์ œ๋ณ€๊ฒฝ)
2 min read

iOS App MinimumOSVersion ์šฐํšŒํ•˜๊ธฐ (๊ฐ•์ œ๋ณ€๊ฒฝ)

security
Phar(PHP Archive)์—์„œ์˜ PHP Deserialization ์ทจ์•ฝ์  (BlackHat 2018)
5 min read

Phar(PHP Archive)์—์„œ์˜ PHP Deserialization ์ทจ์•ฝ์  (BlackHat 2018)

security
Burp suite Daracula(dark) Theme Release!
1 min read

Burp suite Daracula(dark) Theme Release!

security
Review on recent xss tricks (๋ช‡๊ฐ€์ง€ XSS ํŠธ๋ฆญ๋“ค ์‚ดํŽด๋ณด๊ธฐ)
1 min read

Review on recent xss tricks (๋ช‡๊ฐ€์ง€ XSS ํŠธ๋ฆญ๋“ค ์‚ดํŽด๋ณด๊ธฐ)

security
iOS์—์„œ์˜ SSL Pinning Bypass(with frida)
3 min read

iOS์—์„œ์˜ SSL Pinning Bypass(with frida)

security
LOKIDN! ์žฌ๋ฏธ์žˆ๋Š” IDN HomoGraph Attack ๋ฒกํ„ฐ
2 min read

LOKIDN! ์žฌ๋ฏธ์žˆ๋Š” IDN HomoGraph Attack ๋ฒกํ„ฐ

security
DynoRoot Exploit (DHCP Client Command Injection / CVE-2018-1111)
3 min read

DynoRoot Exploit (DHCP Client Command Injection / CVE-2018-1111)

security
์›น ์–ด์…ˆ๋ธ”๋ฆฌ(Web Assembly)๋Š” ์–ด๋–ป๊ฒŒ ๋ณด์•ˆ ์ทจ์•ฝ์  ๋ถ„์„์„ ํ• ๊นŒ์š”?
13 min read

์›น ์–ด์…ˆ๋ธ”๋ฆฌ(Web Assembly)๋Š” ์–ด๋–ป๊ฒŒ ๋ณด์•ˆ ์ทจ์•ฝ์  ๋ถ„์„์„ ํ• ๊นŒ์š”?

security
JSFuck XSS Payload ๋™์ž‘ ์›๋ฆฌ
4 min read

JSFuck XSS Payload ๋™์ž‘ ์›๋ฆฌ

security
XSS Polyglot Challenge(v2)์— ์ฐธ์—ฌํ•˜๋ฉฐ XSS์— ๋Œ€ํ•œ ๊ณ ๋ฏผ์„ ๋” ํ•ด๋ด…์‹œ๋‹ค!
1 min read

XSS Polyglot Challenge(v2)์— ์ฐธ์—ฌํ•˜๋ฉฐ XSS์— ๋Œ€ํ•œ ๊ณ ๋ฏผ์„ ๋” ํ•ด๋ด…์‹œ๋‹ค!

security
p0wn-box - ๊ฐ€๋ณ๊ฒŒ ์‚ฌ์šฉํ•˜๊ธฐ ์ข‹์€ ๋ชจ์˜ํ•ดํ‚น/์นจํˆฌํ…Œ์ŠคํŠธ ํˆด ๋„์ปค ์ด๋ฏธ์ง€
3 min read

p0wn-box - ๊ฐ€๋ณ๊ฒŒ ์‚ฌ์šฉํ•˜๊ธฐ ์ข‹์€ ๋ชจ์˜ํ•ดํ‚น/์นจํˆฌํ…Œ์ŠคํŠธ ํˆด ๋„์ปค ์ด๋ฏธ์ง€

security system
Burp Suite REST API(Burp 2.0 beta)
2 min read

Burp Suite REST API(Burp 2.0 beta)

security
Arachni optimizing for fast scanning (Arachni ์Šค์บ” ์†๋„ ํ–ฅ์ƒ ์‹œํ‚ค๊ธฐ)
15 min read

Arachni optimizing for fast scanning (Arachni ์Šค์บ” ์†๋„ ํ–ฅ์ƒ ์‹œํ‚ค๊ธฐ)

security
SpEL(Spring Expression Language) Injection & Spring boot RCE
3 min read

SpEL(Spring Expression Language) Injection & Spring boot RCE

security
ESI(Edge Side Include) Injection์„ ์ด์šฉํ•œ Web Attack(XSS, Session hijacking, SSRF / blackhat 2018)
4 min read

ESI(Edge Side Include) Injection์„ ์ด์šฉํ•œ Web Attack(XSS, Session hijacking, SSRF / blackhat 2018)

security
Defcon 2018 ๋ฐœํ‘œ ์ž๋ฃŒ ๋ฐ Briefings list
8 min read

Defcon 2018 ๋ฐœํ‘œ ์ž๋ฃŒ ๋ฐ Briefings list

security
ZAP์—์„œ๋„ Request๋ฅผ ๊ฐ€์ง€๊ณ  ์Šคํฌ๋ฆฝํŠธ๋กœ ์ƒ์„ฑํ•˜์ž! Reissue Request Scripter
1 min read

ZAP์—์„œ๋„ Request๋ฅผ ๊ฐ€์ง€๊ณ  ์Šคํฌ๋ฆฝํŠธ๋กœ ์ƒ์„ฑํ•˜์ž! Reissue Request Scripter

security zap
Arachni ์ฝ”๋“œ๋‹จ์—์„œ JSON Method ์‚ฌ์šฉํ•˜๊ธฐ (undefined method `parse' for Arachni::Element::JSON:Class ํ•ด๊ฒฐ)
1 min read

Arachni ์ฝ”๋“œ๋‹จ์—์„œ JSON Method ์‚ฌ์šฉํ•˜๊ธฐ (undefined method `parse' for Arachni::Element::JSON:Class ํ•ด๊ฒฐ)

security develop ruby
Attack a JSON CSRF with SWF(ActionScript๋ฅผ ์ด์šฉํ•œ JSON CSRF ๊ณต๊ฒฉ์ฝ”๋“œ ๊ตฌํ˜„)
1 min read

Attack a JSON CSRF with SWF(ActionScript๋ฅผ ์ด์šฉํ•œ JSON CSRF ๊ณต๊ฒฉ์ฝ”๋“œ ๊ตฌํ˜„)

security
Burp suite Extension ๊ฐœ๋ฐœ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ(Story of Writing Burp suite extension)
6 min read

Burp suite Extension ๊ฐœ๋ฐœ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ(Story of Writing Burp suite extension)

security develop
EternalBlue exploit for x86(32 bit) devices - 32๋น„ํŠธ pc์— ๋Œ€ํ•œ EternalBlue
2 min read

EternalBlue exploit for x86(32 bit) devices - 32๋น„ํŠธ pc์— ๋Œ€ํ•œ EternalBlue

security
JRuby Burp suite ํ™•์žฅ ๊ธฐ๋Šฅ ๊ฐœ๋ฐœ ์ค‘ ๋ฐœ์ƒํ•œ ์—๋Ÿฌ(failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse)
1 min read

JRuby Burp suite ํ™•์žฅ ๊ธฐ๋Šฅ ๊ฐœ๋ฐœ ์ค‘ ๋ฐœ์ƒํ•œ ์—๋Ÿฌ(failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse)

security develop ruby
Firefox Hackbar Addon ๋‹จ์ถ•ํ‚ค(Short cut)
1 min read

Firefox Hackbar Addon ๋‹จ์ถ•ํ‚ค(Short cut)

security
Metasploit์œผ๋กœ ์„œ๋ฒ„์˜ SSL ๋“ฑ๊ธ‰์„ ํ‰๊ฐ€ํ•˜์ž (SSLLab)
3 min read

Metasploit์œผ๋กœ ์„œ๋ฒ„์˜ SSL ๋“ฑ๊ธ‰์„ ํ‰๊ฐ€ํ•˜์ž (SSLLab)

security metasploit
Insomnia๋กœ REST API๋ฅผ ์‰ฝ๊ฒŒ ํ…Œ์ŠคํŠธํ•˜์ž ๐Ÿ˜Ž
1 min read

Insomnia๋กœ REST API๋ฅผ ์‰ฝ๊ฒŒ ํ…Œ์ŠคํŠธํ•˜์ž ๐Ÿ˜Ž

security develop
XSS ์—†์ด DOM ๋‚ด ์ค‘์š”์ •๋ณด ํƒˆ์ทจ, CSP ์šฐํšŒํ•˜๊ธฐ(Eavading CSP and Critical data leakage No XSS)
1 min read

XSS ์—†์ด DOM ๋‚ด ์ค‘์š”์ •๋ณด ํƒˆ์ทจ, CSP ์šฐํšŒํ•˜๊ธฐ(Eavading CSP and Critical data leakage No XSS)

security
Security testing SAML SSO Vulnerability & Pentest(SAML SSO ์ทจ์•ฝ์  ๋ถ„์„ ๋ฐฉ๋ฒ•)
7 min read

Security testing SAML SSO Vulnerability & Pentest(SAML SSO ์ทจ์•ฝ์  ๋ถ„์„ ๋ฐฉ๋ฒ•)

security
๋ฆฌ๋ˆ…์Šค์—์„œ OWASP ZAP๊ณผ BurpSuite์˜ ์ƒ‰์ƒ ๋ฐ”๊พธ๊ธฐ
3 min read

๋ฆฌ๋ˆ…์Šค์—์„œ OWASP ZAP๊ณผ BurpSuite์˜ ์ƒ‰์ƒ ๋ฐ”๊พธ๊ธฐ

security zap system
SQLMap Tamper Script๋ฅผ ์ด์šฉํ•œ WAF&Protection Logic Bypass
1 min read

SQLMap Tamper Script๋ฅผ ์ด์šฉํ•œ WAF&Protection Logic Bypass

security
ZAP์—์„œ Passive Script ๋งŒ๋“ค๊ธฐ
2 min read

ZAP์—์„œ Passive Script ๋งŒ๋“ค๊ธฐ

security zap develop
Subdomain Takeover ์ทจ์•ฝ์ ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ
3 min read

Subdomain Takeover ์ทจ์•ฝ์ ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ

security
ZAP์— ํ•„์š”ํ•œ ๊ธฐ๋Šฅ๊ณผ Burp suite ๋“€์–ผ ์ฒด์ œ๋กœ ๋Š๋‚€์ 
3 min read

ZAP์— ํ•„์š”ํ•œ ๊ธฐ๋Šฅ๊ณผ Burp suite ๋“€์–ผ ์ฒด์ œ๋กœ ๋Š๋‚€์ 

security zap
ZAP ๋‹จ์ถ•ํ‚ค ์‚ฌ์šฉ ํŒ
1 min read

ZAP ๋‹จ์ถ•ํ‚ค ์‚ฌ์šฉ ํŒ

security zap
ZAP Scripting์œผ๋กœ Code Generator ๊ตฌํ˜„ํ•˜๊ธฐ
5 min read

ZAP Scripting์œผ๋กœ Code Generator ๊ตฌํ˜„ํ•˜๊ธฐ

security zap ruby
Burp์™€ ZAP ๋™์‹œ์— ์‚ฌ์šฉํ•˜๊ธฐ ๐Ÿš€
1 min read

Burp์™€ ZAP ๋™์‹œ์— ์‚ฌ์šฉํ•˜๊ธฐ ๐Ÿš€

security zap
Burp suite ์ค‘๋…์ž๊ฐ€ ๋ฐ”๋ผ๋ณธ OWASP ZAP(Zed Attack Proxy). ์ด์ œ๋ถ€ํ„ฐ ๋“€์–ผ์ด๋‹ค!
3 min read

Burp suite ์ค‘๋…์ž๊ฐ€ ๋ฐ”๋ผ๋ณธ OWASP ZAP(Zed Attack Proxy). ์ด์ œ๋ถ€ํ„ฐ ๋“€์–ผ์ด๋‹ค!

security zap
Firefox XSS with Context menu(+css payload..)
1 min read

Firefox XSS with Context menu(+css payload..)

security
Not-rooted android Kali linux with Termux!(๋น„ ๋ฃจํŒ…ํฐ์—์„œ ์นผ๋ฆฌ ๊ตฌ์„ฑํ•˜๊ธฐ)
1 min read

Not-rooted android Kali linux with Termux!(๋น„ ๋ฃจํŒ…ํฐ์—์„œ ์นผ๋ฆฌ ๊ตฌ์„ฑํ•˜๊ธฐ)

security
YSoSerial - Java object deserialization payload generator
2 min read

YSoSerial - Java object deserialization payload generator

security
BurpKit - Awesome Burp suite Extender(Burp์—์„œ ๊ฐœ๋ฐœ์ž ๋„๊ตฌ๋ฅผ ์‚ฌ์šฉํ•˜์ž!)
3 min read

BurpKit - Awesome Burp suite Extender(Burp์—์„œ ๊ฐœ๋ฐœ์ž ๋„๊ตฌ๋ฅผ ์‚ฌ์šฉํ•˜์ž!)

security
Evasion technique using Wildcards, Quotation marks and backslash, $IFS(WAF, ๋ฐฉ์–ด๋กœ์ง ์šฐํšŒ)
2 min read

Evasion technique using Wildcards, Quotation marks and backslash, $IFS(WAF, ๋ฐฉ์–ด๋กœ์ง ์šฐํšŒ)

security
Android App(apk) ์„œ๋ช…ํ•˜๊ธฐ(apk signing with jarsigner,keytool)
1 min read

Android App(apk) ์„œ๋ช…ํ•˜๊ธฐ(apk signing with jarsigner,keytool)

security
Metasploit WMAP ๋ชจ๋“ˆ๋“ค
1 min read

Metasploit WMAP ๋ชจ๋“ˆ๋“ค

security metasploit
Android Meterpreter shell ์—์„œ์˜ ์‹คํ–‰ ๊ถŒํ•œ ์ƒ์Šน ์‚ฝ์งˆ ์ด์•ผ๊ธฐ
3 min read

Android Meterpreter shell ์—์„œ์˜ ์‹คํ–‰ ๊ถŒํ•œ ์ƒ์Šน ์‚ฝ์งˆ ์ด์•ผ๊ธฐ

security metasploit
BugCrowd HUNT - ๋ฒ„๊ทธ ๋ฐ”์šดํ‹ฐ๋ฅผ ์œ„ํ•œ ZAP/Burp Extension
3 min read

BugCrowd HUNT - ๋ฒ„๊ทธ ๋ฐ”์šดํ‹ฐ๋ฅผ ์œ„ํ•œ ZAP/Burp Extension

security zap
Metasploit web delivery ๋ชจ๋“ˆ์„ ์ด์šฉํ•œ Command line์—์„œ meterpreter session ๋งŒ๋“ค๊ธฐ
4 min read

Metasploit web delivery ๋ชจ๋“ˆ์„ ์ด์šฉํ•œ Command line์—์„œ meterpreter session ๋งŒ๋“ค๊ธฐ

security metasploit
Android 4.4(KitKat)์—์„œ NetHunter ์„ค์น˜ํ•˜๊ธฐ
2 min read

Android 4.4(KitKat)์—์„œ NetHunter ์„ค์น˜ํ•˜๊ธฐ

security
G3 ์‹œ๋ฆฌ์ฆˆ ๋ฃจํŒ… ์Šคํฌ๋ฆฝํŠธ ์‚ดํŽด๋ณด๊ธฐ(LG Root Script.bat )
2 min read

G3 ์‹œ๋ฆฌ์ฆˆ ๋ฃจํŒ… ์Šคํฌ๋ฆฝํŠธ ์‚ดํŽด๋ณด๊ธฐ(LG Root Script.bat )

security
HTTPS/HTTP Mixed Content (์„ž์ธ ๋™์  ์ฝ˜ํ…์ธ  [File] ๋ฅผ ์ฝ์–ด์˜ค๋Š” ๊ฒƒ์„ ์ฐจ๋‹จํ–ˆ์Šต๋‹ˆ๋‹ค.)
2 min read

HTTPS/HTTP Mixed Content (์„ž์ธ ๋™์  ์ฝ˜ํ…์ธ  [File] ๋ฅผ ์ฝ์–ด์˜ค๋Š” ๊ฒƒ์„ ์ฐจ๋‹จํ–ˆ์Šต๋‹ˆ๋‹ค.)

security develop
Bypass XSS Protection with fake tag and data: (๊ฐ€์งœ ํƒœ๊ทธ์™€ data ๊ตฌ๋ฌธ์„ ์ด์šฉํ•œ XSS ์šฐํšŒ๊ธฐ๋ฒ•)
1 min read

Bypass XSS Protection with fake tag and data: (๊ฐ€์งœ ํƒœ๊ทธ์™€ data ๊ตฌ๋ฌธ์„ ์ด์šฉํ•œ XSS ์šฐํšŒ๊ธฐ๋ฒ•)

security
Bypass XSS Protection (Event Handler filtering) with string+slash(XSS ์šฐํšŒ๊ธฐ๋ฒ•)
1 min read

Bypass XSS Protection (Event Handler filtering) with string+slash(XSS ์šฐํšŒ๊ธฐ๋ฒ•)

security
MITM Proxy server in Ruby (evil-proxy์™€ rails๋ฅผ ์ด์šฉํ•œ WASE ํŠธ๋ž˜ํ”ฝ ์ˆ˜์ง‘ ๊ตฌ๊ฐ„ ๋งŒ๋“ค๊ธฐ)
2 min read

MITM Proxy server in Ruby (evil-proxy์™€ rails๋ฅผ ์ด์šฉํ•œ WASE ํŠธ๋ž˜ํ”ฝ ์ˆ˜์ง‘ ๊ตฌ๊ฐ„ ๋งŒ๋“ค๊ธฐ)

security develop ruby
URL Hash(#) ์„ ์ด์šฉํ•œ XSS ์šฐํšŒ๊ธฐ๋ฒ•
3 min read

URL Hash(#) ์„ ์ด์šฉํ•œ XSS ์šฐํšŒ๊ธฐ๋ฒ•

security
0x0c(^L)๋ฅผ ์ด์šฉํ•œ XSS ์šฐํšŒ ๊ธฐ๋ฒ•(no slash, no blank)
1 min read

0x0c(^L)๋ฅผ ์ด์šฉํ•œ XSS ์šฐํšŒ ๊ธฐ๋ฒ•(no slash, no blank)

security
[HACKING] Bug Bounty๋ฅผ ์œ„ํ•œ WASE(Web Audit Search Engine) ๋งŒ๋“ค๊ธฐ [2] - Burp suite์™€ Elastic search ์—ฐ๋™ํ•˜๊ธฐ
1 min read

[HACKING] Bug Bounty๋ฅผ ์œ„ํ•œ WASE(Web Audit Search Engine) ๋งŒ๋“ค๊ธฐ [2] - Burp suite์™€ Elastic search ์—ฐ๋™ํ•˜๊ธฐ

security develop ruby
[HACKING] Bug Bounty๋ฅผ ์œ„ํ•œ WASE(Web Audit Search Engine) ๋งŒ๋“ค๊ธฐ [1] - Elastic search์™€ ruby-rails
3 min read

[HACKING] Bug Bounty๋ฅผ ์œ„ํ•œ WASE(Web Audit Search Engine) ๋งŒ๋“ค๊ธฐ [1] - Elastic search์™€ ruby-rails

security develop ruby
[HACKING] Memcached reflection DOS attack ๋ถ„์„
7 min read

[HACKING] Memcached reflection DOS attack ๋ถ„์„

security
[HACKING] Adobe Flash Player NetConnection Type Confusion(CVE-2015-0336) ๋ถ„์„
3 min read

[HACKING] Adobe Flash Player NetConnection Type Confusion(CVE-2015-0336) ๋ถ„์„

security
[HACKING] TCPโ€‘Starvation Attack (DOS Attack on TCP Sessions)
2 min read

[HACKING] TCPโ€‘Starvation Attack (DOS Attack on TCP Sessions)

security
[HACKING] iOS App ์ •์  ๋ถ„์„๋„๊ตฌ IDB (Ruby gem package
3 min read

[HACKING] iOS App ์ •์  ๋ถ„์„๋„๊ตฌ IDB (Ruby gem package "IDB" for iOS Static Analysis)

security
Metasploit Modules for EternalSynergy / EternalRomance / EternalChampion
5 min read

Metasploit Modules for EternalSynergy / EternalRomance / EternalChampion

security metasploit
Shodan API์™€ Metasploit์„ ์ด์šฉํ•œ Exploiting script - AutoSploit
1 min read

Shodan API์™€ Metasploit์„ ์ด์šฉํ•œ Exploiting script - AutoSploit

security metasploit
Metasploit์˜ alias plugin์„ ์ด์šฉํ•˜์—ฌ resource script๋ฅผ ๋ช…๋ น์–ด๋กœ ๋งŒ๋“ค๊ธฐ
2 min read

Metasploit์˜ alias plugin์„ ์ด์šฉํ•˜์—ฌ resource script๋ฅผ ๋ช…๋ น์–ด๋กœ ๋งŒ๋“ค๊ธฐ

security metasploit
[HACKING] DocumentBuilderFactory XXE ์ทจ์•ฝ์  ๊ด€๋ จ ์—ฐ๊ตฌ(?) ์ค‘๊ฐ„ ์ •๋ฆฌ(feat apktool)
2 min read

[HACKING] DocumentBuilderFactory XXE ์ทจ์•ฝ์  ๊ด€๋ จ ์—ฐ๊ตฌ(?) ์ค‘๊ฐ„ ์ •๋ฆฌ(feat apktool)

security
[HACKING] Analyzing BurpLoader.jar in Burp Suite Pro Crack(Larry Lau version) Part3(Bypass Certificate expiration time)
3 min read

[HACKING] Analyzing BurpLoader.jar in Burp Suite Pro Crack(Larry Lau version) Part3(Bypass Certificate expiration time)

security
[HACKING] DocumentBuilderFactory XXE Vulnerability ๋ถ„์„(ParseDroid, apktool xxe exploit)
3 min read

[HACKING] DocumentBuilderFactory XXE Vulnerability ๋ถ„์„(ParseDroid, apktool xxe exploit)

security
[WEB HACKING] OOXML XXE with Burp Suite(OOXML XXE ๊ด€๋ จ Burp suite Extension)
1 min read

[WEB HACKING] OOXML XXE with Burp Suite(OOXML XXE ๊ด€๋ จ Burp suite Extension)

security
Reflected XSS๋ฅผ ์‰ฝ๊ฒŒ ์ฐพ์ž - Reflector Burp Suite Extension
6 min read

Reflected XSS๋ฅผ ์‰ฝ๊ฒŒ ์ฐพ์ž - Reflector Burp Suite Extension

security
[EXPLOIT] macOS High Sierra root privilege escalation ์ทจ์•ฝ์ /๋ฒ„๊ทธ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ(code metasploit)
2 min read

[EXPLOIT] macOS High Sierra root privilege escalation ์ทจ์•ฝ์ /๋ฒ„๊ทธ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ(code metasploit)

security system
[WEB HACKING] SQLite SQL Injection and Payload
4 min read

[WEB HACKING] SQLite SQL Injection and Payload

security
Blind XSS(Cross-Site Scripting)์™€ ๋ณด์•ˆํ…Œ์ŠคํŒ…
2 min read

Blind XSS(Cross-Site Scripting)์™€ ๋ณด์•ˆํ…Œ์ŠคํŒ…

security
[EXPLOIT] JAVA SE Web start JNLP XXE ์ทจ์•ฝ์  ๋ถ„์„(CVE-2017-10309, feat Metasploit)
5 min read

[EXPLOIT] JAVA SE Web start JNLP XXE ์ทจ์•ฝ์  ๋ถ„์„(CVE-2017-10309, feat Metasploit)

security develop
BadIntent - Android ์ทจ์•ฝ์  ๋ถ„์„์„ ์œ„ํ•œ Burp Suite Extension ๐Ÿ“ฑ
7 min read

BadIntent - Android ์ทจ์•ฝ์  ๋ถ„์„์„ ์œ„ํ•œ Burp Suite Extension ๐Ÿ“ฑ

security
OWASP Top 10 2017 RC2 Review
2 min read

OWASP Top 10 2017 RC2 Review

security
[LINUX] Install docker on kali linux(์นผ๋ฆฌ ๋ฆฌ๋ˆ…์Šค์—์„œ ๋„์ปค ์„ค์น˜ํ•˜๊ธฐ)
1 min read

[LINUX] Install docker on kali linux(์นผ๋ฆฌ ๋ฆฌ๋ˆ…์Šค์—์„œ ๋„์ปค ์„ค์น˜ํ•˜๊ธฐ)

security system
๊ฐ€์ƒ Pentest ํ™˜๊ฒฝ ๊ตฌ์„ฑ์„ ์œ„ํ•œ metasploitable2 ์„ค์น˜
4 min read

๊ฐ€์ƒ Pentest ํ™˜๊ฒฝ ๊ตฌ์„ฑ์„ ์œ„ํ•œ metasploitable2 ์„ค์น˜

security metasploit
[WEB HACKING] Bypass DOM XSS Filter/Mitigation via Script Gadgets
4 min read

[WEB HACKING] Bypass DOM XSS Filter/Mitigation via Script Gadgets

security
[SYSTEM HACKING] lynis๋ฅผ ์ด์šฉํ•œ ์‹œ์Šคํ…œ ์ทจ์•ฝ์  ์Šค์บ”(System vulnerability Scanning with lynis)
1 min read

[SYSTEM HACKING] lynis๋ฅผ ์ด์šฉํ•œ ์‹œ์Šคํ…œ ์ทจ์•ฝ์  ์Šค์บ”(System vulnerability Scanning with lynis)

security system
XCode Simulator์— App(.ipa) ํŒŒ์ผ ์„ค์น˜ํ•˜๊ธฐ
1 min read

XCode Simulator์— App(.ipa) ํŒŒ์ผ ์„ค์น˜ํ•˜๊ธฐ

security develop
[LINUX] Make a Persistent Live OS USB(๋น„ ํœ˜๋ฐœ์„ฑ Live OS ๋งŒ๋“ค๊ธฐ)
1 min read

[LINUX] Make a Persistent Live OS USB(๋น„ ํœ˜๋ฐœ์„ฑ Live OS ๋งŒ๋“ค๊ธฐ)

security system
Metasploit + OpenVAS ์—ฐ๋™ (using Docker)
2 min read

Metasploit + OpenVAS ์—ฐ๋™ (using Docker)

security metasploit
[HACKING] Kali Live OS๋ฅผ ์ด์šฉํ•œ Windows, Linux ๋ฌผ๋ฆฌ ์ ‘๊ทผ ํ•ดํ‚น
3 min read

[HACKING] Kali Live OS๋ฅผ ์ด์šฉํ•œ Windows, Linux ๋ฌผ๋ฆฌ ์ ‘๊ทผ ํ•ดํ‚น

security system
[WEB HACKING] Struts2 RCE(CVE-2017-5638, S2-045) ํ…Œ์ŠคํŠธ ๋ฐ docker file ๊ณต์œ 
2 min read

[WEB HACKING] Struts2 RCE(CVE-2017-5638, S2-045) ํ…Œ์ŠคํŠธ ๋ฐ docker file ๊ณต์œ 

security
[LINUX] How to install xfce on blackarch linux
1 min read

[LINUX] How to install xfce on blackarch linux

security system
[LINUX] BlackArch Linux install tip!
1 min read

[LINUX] BlackArch Linux install tip!

security system
[HACKING] KALI Linux 2017.2 Release Review (๋ฌด์—‡์ด ๋‹ฌ๋ผ์กŒ์„๊นŒ์š”?)
1 min read

[HACKING] KALI Linux 2017.2 Release Review (๋ฌด์—‡์ด ๋‹ฌ๋ผ์กŒ์„๊นŒ์š”?)

security system
[WEB HACKING] New attack vectors in SSRF(Server-Side Request Forgery) with URL Parser
6 min read

[WEB HACKING] New attack vectors in SSRF(Server-Side Request Forgery) with URL Parser

security
[HACKING] Android Cloak & Dagger Attack๊ณผ Toast Overlay Attack(CVE-2017-0752)
3 min read

[HACKING] Android Cloak & Dagger Attack๊ณผ Toast Overlay Attack(CVE-2017-0752)

security
Metasploit ipknock๋ฅผ ์ด์šฉํ•œ hidden meterpreter shell
8 min read

Metasploit ipknock๋ฅผ ์ด์šฉํ•œ hidden meterpreter shell

security metasploit
[EXPLOIT] Struts2 REST Plugin XStream RCE ์ทจ์•ฝ์  ๋ถ„์„(feat msf) CVE-2017-9805 / S2-052
3 min read

[EXPLOIT] Struts2 REST Plugin XStream RCE ์ทจ์•ฝ์  ๋ถ„์„(feat msf) CVE-2017-9805 / S2-052

security
Metasploit ์˜ rhosts์—์„œ Column/Tagging ์ปค์Šคํ„ฐ๋งˆ์ด์ง• ํ•˜๊ธฐ
4 min read

Metasploit ์˜ rhosts์—์„œ Column/Tagging ์ปค์Šคํ„ฐ๋งˆ์ด์ง• ํ•˜๊ธฐ

security metasploit
[WEB HACKING] Retire.js๋ฅผ ์ด์šฉํ•ด JS Library ์ทจ์•ฝ์  ์ฐพ๊ธฐ
2 min read

[WEB HACKING] Retire.js๋ฅผ ์ด์šฉํ•ด JS Library ์ทจ์•ฝ์  ์ฐพ๊ธฐ

security
[EXPLOIT] OpenSSL OOB(Out-Of-Bound) Read DOS Vulnerability. Analysis CVE-2017-3731
10 min read

[EXPLOIT] OpenSSL OOB(Out-Of-Bound) Read DOS Vulnerability. Analysis CVE-2017-3731

security
Frida๋ฅผ ์†Œ๊ฐœํ•ฉ๋‹ˆ๋‹ค! ๋ฉ€ํ‹ฐ ํ”Œ๋žซํผ ํ›„ํ‚น์„ ์œ„ํ•œ ๊ฐ€์žฅ ๊ฐ•๋ ฅํ•œ ๋„๊ตฌ ๐Ÿ˜Ž
12 min read

Frida๋ฅผ ์†Œ๊ฐœํ•ฉ๋‹ˆ๋‹ค! ๋ฉ€ํ‹ฐ ํ”Œ๋žซํผ ํ›„ํ‚น์„ ์œ„ํ•œ ๊ฐ€์žฅ ๊ฐ•๋ ฅํ•œ ๋„๊ตฌ ๐Ÿ˜Ž

security
Metasploit API์™€ msfrpcd, ๊ทธ๋ฆฌ๊ณ  NodeJS
9 min read

Metasploit API์™€ msfrpcd, ๊ทธ๋ฆฌ๊ณ  NodeJS

security develop metasploit
Metasploit-Aggregator๋ฅผ ์ด์šฉํ•œ Meterpreter session ๊ด€๋ฆฌํ•˜๊ธฐ
5 min read

Metasploit-Aggregator๋ฅผ ์ด์šฉํ•œ Meterpreter session ๊ด€๋ฆฌํ•˜๊ธฐ

security metasploit
[WEB HACKING] ์ด๋ฏธ์ง€ ํŒŒ์ผ ๋‚ด metadata์— Payload ์‚ฝ์ž…ํ•˜๊ธฐ(XSS,XXE,Meterpreter Scenario )
7 min read

[WEB HACKING] ์ด๋ฏธ์ง€ ํŒŒ์ผ ๋‚ด metadata์— Payload ์‚ฝ์ž…ํ•˜๊ธฐ(XSS,XXE,Meterpreter Scenario )

security
Automatic Exploit&Vulnerability Attack Using db_autopwn.rb
1 min read

Automatic Exploit&Vulnerability Attack Using db_autopwn.rb

security metasploit
Data Leak Scenario on Meterpreter using ADS
4 min read

Data Leak Scenario on Meterpreter using ADS

security metasploit
Privilege Escalation on Meterpreter
5 min read

Privilege Escalation on Meterpreter

security metasploit
[WEB HACKING] Web hacking and vulnerability analysis with firefox!
5 min read

[WEB HACKING] Web hacking and vulnerability analysis with firefox!

security
[MAD-METASPLOIT] 0x30 - Meterpreter?
2 min read

[MAD-METASPLOIT] 0x30 - Meterpreter?

security metasploit
Meterpreter๋ฅผ ์ด์šฉํ•œ Windows7 UAC ์šฐํšŒํ•˜๊ธฐ
3 min read

Meterpreter๋ฅผ ์ด์šฉํ•œ Windows7 UAC ์šฐํšŒํ•˜๊ธฐ

security metasploit
[MAD-METASPLOIT] 0x41 - Armitage
1 min read

[MAD-METASPLOIT] 0x41 - Armitage

security metasploit
[MAD-METASPLOIT] 0x40 - Anti Forensic
2 min read

[MAD-METASPLOIT] 0x40 - Anti Forensic

security metasploit
[MAD-METASPLOIT] 0x34 - Persistence Backdoor
1 min read

[MAD-METASPLOIT] 0x34 - Persistence Backdoor

security metasploit
[MAD-METASPLOIT] 0x33 - Using post module
2 min read

[MAD-METASPLOIT] 0x33 - Using post module

security metasploit
[MAD-METASPLOIT] 0x32 - Privilige Escalation
1 min read

[MAD-METASPLOIT] 0x32 - Privilige Escalation

security metasploit
[MAD-METASPLOIT] 0x21 - Browser attack
2 min read

[MAD-METASPLOIT] 0x21 - Browser attack

security metasploit
[MAD-METASPLOIT] 0x22 - Malware and Infection
1 min read

[MAD-METASPLOIT] 0x22 - Malware and Infection

security metasploit
[MAD-METASPLOIT] 0x31 - Migrate & Hiding process
1 min read

[MAD-METASPLOIT] 0x31 - Migrate & Hiding process

security metasploit
[MAD-METASPLOIT] 0x20 - Remote Exploit
4 min read

[MAD-METASPLOIT] 0x20 - Remote Exploit

security metasploit
[MAD-METASPLOIT] 0x12 - Vulnerability Scanning
2 min read

[MAD-METASPLOIT] 0x12 - Vulnerability Scanning

security metasploit
[MAD-METASPLOIT] 0x11 - Network scanning using Auxiliary Module
7 min read

[MAD-METASPLOIT] 0x11 - Network scanning using Auxiliary Module

security metasploit
[MAD-METASPLOIT] 0x10 - Port scanning
3 min read

[MAD-METASPLOIT] 0x10 - Port scanning

security metasploit
[MAD-METASPLOIT] 0x02 - Database setting and workspace
1 min read

[MAD-METASPLOIT] 0x02 - Database setting and workspace

security metasploit
[MAD-METASPLOIT] 0x01 - MSF Architecture
2 min read

[MAD-METASPLOIT] 0x01 - MSF Architecture

security metasploit
[MAD-METASPLOIT] 0x00 - Metasploit?
1 min read

[MAD-METASPLOIT] 0x00 - Metasploit?

security metasploit
[METASPLOIT] DB ์—ฐ๋™ ์ดํ›„ ๋ฐœ์ƒํ•˜๋Š” Module database cache not built yet(slow search) ํ•ด๊ฒฐํ•˜๊ธฐ
1 min read

[METASPLOIT] DB ์—ฐ๋™ ์ดํ›„ ๋ฐœ์ƒํ•˜๋Š” Module database cache not built yet(slow search) ํ•ด๊ฒฐํ•˜๊ธฐ

security metasploit
[METASPLOIT] msgrpc ์„œ๋ฒ„๋ฅผ ์ด์šฉํ•˜์—ฌ msfconsole๊ณผ armitage ์—ฐ๋™ํ•˜๊ธฐ
1 min read

[METASPLOIT] msgrpc ์„œ๋ฒ„๋ฅผ ์ด์šฉํ•˜์—ฌ msfconsole๊ณผ armitage ์—ฐ๋™ํ•˜๊ธฐ

security metasploit
[WEB HACKING] WebKit JSC ์ทจ์•ฝ์ ์„ ํ†ตํ•œ SOP ์šฐํšŒ(WebKit base browser XSS Technique)
4 min read

[WEB HACKING] WebKit JSC ์ทจ์•ฝ์ ์„ ํ†ตํ•œ SOP ์šฐํšŒ(WebKit base browser XSS Technique)

security
[HACKING] Closed network infection scenario and Detecting hidden networks (Using USB/Exploit)
6 min read

[HACKING] Closed network infection scenario and Detecting hidden networks (Using USB/Exploit)

security
AngularJS Sandbox Escape๋กœ ์•Œ์•„๋ณด๋Š” constructor XSS์™€ Prototype Pollution
6 min read

AngularJS Sandbox Escape๋กœ ์•Œ์•„๋ณด๋Š” constructor XSS์™€ Prototype Pollution

security
[METASPLOIT] Writing Custom Plugin for metasploit
4 min read

[METASPLOIT] Writing Custom Plugin for metasploit

security develop metasploit
Metasploit resource script์™€ ruby code๋กœ ์ปค์Šคํ„ฐ๋งˆ์ด์ง• ํ•˜๊ธฐ
5 min read

Metasploit resource script์™€ ruby code๋กœ ์ปค์Šคํ„ฐ๋งˆ์ด์ง• ํ•˜๊ธฐ

security metasploit
[WEB HACKING] Easily trigger event handler for XSS/ClickJacking
3 min read

[WEB HACKING] Easily trigger event handler for XSS/ClickJacking" using CSS(or stylesheet)

security
[HACKING] Analyzing BurpLoader.jar in Burp Suite Pro Crack(Larry Lau version) Part2
3 min read

[HACKING] Analyzing BurpLoader.jar in Burp Suite Pro Crack(Larry Lau version) Part2

security
[HACKING] Symbolic Execution(symbolic evaluation)์„ ์ด์šฉํ•œ ์ทจ์•ฝ์  ๋ถ„์„
3 min read

[HACKING] Symbolic Execution(symbolic evaluation)์„ ์ด์šฉํ•œ ์ทจ์•ฝ์  ๋ถ„์„

security
Bypass XSS filter with back-tick(JS Template Literal String)
3 min read

Bypass XSS filter with back-tick(JS Template Literal String)

security
[WEB HACKING] SWF Debugging with ffdec(jpexs)
1 min read

[WEB HACKING] SWF Debugging with ffdec(jpexs)

security
[WEB HACKING] SWF(Flash) Vulnerability Analysis Techniques
6 min read

[WEB HACKING] SWF(Flash) Vulnerability Analysis Techniques

security
[METASPLOIT] msfconsole ๋‚ด Prompt ์„ค์ •ํ•˜๊ธฐ
1 min read

[METASPLOIT] msfconsole ๋‚ด Prompt ์„ค์ •ํ•˜๊ธฐ

security metasploit
OOXML XXE Vulnerability (Exploiting XXE In file upload Function!)
4 min read

OOXML XXE Vulnerability (Exploiting XXE In file upload Function!)

security
[DEBIAN] Thunder Bird์—์„œ Anigmail, GnuPG(gpg)๋ฅผ ํ†ตํ•œ ์ด๋ฉ”์ผ ์•”ํ˜ธํ™”
3 min read

[DEBIAN] Thunder Bird์—์„œ Anigmail, GnuPG(gpg)๋ฅผ ํ†ตํ•œ ์ด๋ฉ”์ผ ์•”ํ˜ธํ™”

security system
Parameter Padding for Attack a JSON CSRF
1 min read

Parameter Padding for Attack a JSON CSRF

security
[HACKING] Eternalblue vulnerability&exploit and msf code
6 min read

[HACKING] Eternalblue vulnerability&exploit and msf code

security
[EXPLOIT] Linux Kernel - Packet Socket Local root Privilege Escalation(CVE-2017-7308,out-of-bound) ๋ถ„์„
13 min read

[EXPLOIT] Linux Kernel - Packet Socket Local root Privilege Escalation(CVE-2017-7308,out-of-bound) ๋ถ„์„

security system
Form action + data:๋ฅผ ์ด์šฉํ•œ XSS Filtering ์šฐํšŒ ๊ธฐ๋ฒ•
1 min read

Form action + data:๋ฅผ ์ด์šฉํ•œ XSS Filtering ์šฐํšŒ ๊ธฐ๋ฒ•

security
Apache Struts2 RCE Vulnerability(CVE-2017-5638/S2-045)
2 min read

Apache Struts2 RCE Vulnerability(CVE-2017-5638/S2-045)

security
Bypass XSS Blank filtering with Forward Slash
2 min read

Bypass XSS Blank filtering with Forward Slash

security
[METASPLOIT] Hardware pentest using metasploit - Hardware-Bridge
4 min read

[METASPLOIT] Hardware pentest using metasploit - Hardware-Bridge

security metasploit
[HACKING] Lavabit&Magma - Encrypted Email Service (Dark Mail Alliance)
2 min read

[HACKING] Lavabit&Magma - Encrypted Email Service (Dark Mail Alliance)

security
[HACKING] Microsoft Windows Kernel Win32k.sys Local Privilege Escalation Vulnerability ๋ถ„์„(CVE-2016-7255/MS16-135)
21 min read

[HACKING] Microsoft Windows Kernel Win32k.sys Local Privilege Escalation Vulnerability ๋ถ„์„(CVE-2016-7255/MS16-135)

security system
[WEB HACKING] PHP Comparison Operators Vulnerability for Password Cracking
3 min read

[WEB HACKING] PHP Comparison Operators Vulnerability for Password Cracking

security develop
์ •๊ทœํ‘œํ˜„์‹์„ ์ด์šฉํ•œ XSS ์šฐํšŒ ๊ธฐ๋ฒ•
4 min read

์ •๊ทœํ‘œํ˜„์‹์„ ์ด์šฉํ•œ XSS ์šฐํšŒ ๊ธฐ๋ฒ•

security
HTML AccessKey and Hidden XSS (Trigger AccessKey and Hidden XSS)
3 min read

HTML AccessKey and Hidden XSS (Trigger AccessKey and Hidden XSS)

security
SOP(Same-Origin Policy)์™€ Web Security
3 min read

SOP(Same-Origin Policy)์™€ Web Security

security develop
[WEB HACKING] Web Vulnerability scanning with VEGA WVS(VAGA๋ฅผ ์ด์šฉํ•œ ์›น ์ทจ์•ฝ์  ์Šค์บ”)
2 min read

[WEB HACKING] Web Vulnerability scanning with VEGA WVS(VAGA๋ฅผ ์ด์šฉํ•œ ์›น ์ทจ์•ฝ์  ์Šค์บ”)

security
[EXPLOIT] IE VBScript Engine Memory Corruption ๋ถ„์„(Analysis a CVE-2016-0189)
9 min read

[EXPLOIT] IE VBScript Engine Memory Corruption ๋ถ„์„(Analysis a CVE-2016-0189)

security
[EXPLOIT] MySQL(MariaDB/PerconaDB) Root Privilege Escalation(Symlink attack)
5 min read

[EXPLOIT] MySQL(MariaDB/PerconaDB) Root Privilege Escalation(Symlink attack)

security
[EXPLOIT] MySQL(MariaDB/PerconaDB) Remote Code Execution and Privilege Escalation(CVE-2016-6662)
13 min read

[EXPLOIT] MySQL(MariaDB/PerconaDB) Remote Code Execution and Privilege Escalation(CVE-2016-6662)

security
postMessage๋ฅผ ์ด์šฉํ•œ XSS์™€ Info Leak
8 min read

postMessage๋ฅผ ์ด์šฉํ•œ XSS์™€ Info Leak

security
BurpSuite์˜ ๋‹จ์ถ•ํ‚ค(Hotkey) ์†Œ๊ฐœ ๋ฐ ๋ณ€๊ฒฝํ•˜๊ธฐ
2 min read

BurpSuite์˜ ๋‹จ์ถ•ํ‚ค(Hotkey) ์†Œ๊ฐœ ๋ฐ ๋ณ€๊ฒฝํ•˜๊ธฐ

security
[CODING] WebSocket - Overview , Protocol/API and Security
2 min read

[CODING] WebSocket - Overview , Protocol/API and Security

security develop
[HACKING] Mobile Application Vulnerability Research Guide(OWASP Mobile Security Project)
7 min read

[HACKING] Mobile Application Vulnerability Research Guide(OWASP Mobile Security Project)

security
Meterpreter Railgun! ๊ณต๊ฒฉํ•˜๊ณ  ํ™•์žฅํ•˜์ž ๐Ÿฆน๐Ÿผ
6 min read

Meterpreter Railgun! ๊ณต๊ฒฉํ•˜๊ณ  ํ™•์žฅํ•˜์ž ๐Ÿฆน๐Ÿผ

security metasploit
[HACKING] BlackArch Linux Install, Review (Arch linux for Pentest)
2 min read

[HACKING] BlackArch Linux Install, Review (Arch linux for Pentest)

security system
Paranoid Mode! SSL Certified Meterpreter shell
4 min read

Paranoid Mode! SSL Certified Meterpreter shell

security metasploit
[EXPLOIT] GNU Wget 1.18 Arbitrary File Upload/Remote Code Execution ๋ถ„์„(Analysis)
5 min read

[EXPLOIT] GNU Wget 1.18 Arbitrary File Upload/Remote Code Execution ๋ถ„์„(Analysis)

security
PUT/DELETE CSRF(Cross-site Request Forgrey) Attack
5 min read

PUT/DELETE CSRF(Cross-site Request Forgrey) Attack

security
HIDDEN:XSS - <input type=hidden> ์—์„œ์˜ XSS
5 min read

HIDDEN:XSS - ์—์„œ์˜ XSS

security
[WEB HACKING] Making XSS Keylogger(XSS Keylogger ๋งŒ๋“ค๊ธฐ)
2 min read

[WEB HACKING] Making XSS Keylogger(XSS Keylogger ๋งŒ๋“ค๊ธฐ)

security
[HACKING] JDWP(Java Debug Wire Protocol) Remote Code Execution
6 min read

[HACKING] JDWP(Java Debug Wire Protocol) Remote Code Execution

security
Anti-XSS Filter Evasion of XSS
9 min read

Anti-XSS Filter Evasion of XSS

security
[WEB HACKING] Reflected File Download(RFD) Attack
3 min read

[WEB HACKING] Reflected File Download(RFD) Attack

security
[WEB HACKING] XDE(XSS DOM-base Evasion) Attack
4 min read

[WEB HACKING] XDE(XSS DOM-base Evasion) Attack

security
[WEB HACKING] SWF๋‚ด DEBUG Password Crack ํ•˜๊ธฐ(Cracking DEBUG password in SWF flash file / EnableDebugger2)
2 min read

[WEB HACKING] SWF๋‚ด DEBUG Password Crack ํ•˜๊ธฐ(Cracking DEBUG password in SWF flash file / EnableDebugger2)

security
[WEB HACKING] DotDotPwn - The Path Traversal Fuzzer(DDP๋ฅผ ์ด์šฉํ•œ Path Traversal)
3 min read

[WEB HACKING] DotDotPwn - The Path Traversal Fuzzer(DDP๋ฅผ ์ด์šฉํ•œ Path Traversal)

security
[WEB HACKING] Apache Struts2 DMI REC(Remote Command Executeion) Vulnerability(CVE-2016-3081)
2 min read

[WEB HACKING] Apache Struts2 DMI REC(Remote Command Executeion) Vulnerability(CVE-2016-3081)

security
Apache Struts2 REC Vulnerability (CVE-2016-0785)
3 min read

Apache Struts2 REC Vulnerability (CVE-2016-0785)

security
Google Hacking(๊ตฌ๊ธ€ํ•ดํ‚น) - ๊ฒ€์ƒ‰์—”์ง„์„ ์ด์šฉํ•œ ํ•ดํ‚น ๊ธฐ์ˆ 
1 min read

Google Hacking(๊ตฌ๊ธ€ํ•ดํ‚น) - ๊ฒ€์ƒ‰์—”์ง„์„ ์ด์šฉํ•œ ํ•ดํ‚น ๊ธฐ์ˆ 

security
[HACKING] Social Engineering Attack(์†Œ์…œ ์—”์ง€๋‹ˆ์–ด๋ง) - ์ŠคํŒŒ์ด ๊ฐ™์€ ํ•ดํ‚น
4 min read

[HACKING] Social Engineering Attack(์†Œ์…œ ์—”์ง€๋‹ˆ์–ด๋ง) - ์ŠคํŒŒ์ด ๊ฐ™์€ ํ•ดํ‚น

security
[HACKING] Phase of Ethical Hacking Phase5 - Covering Tracks
3 min read

[HACKING] Phase of Ethical Hacking Phase5 - Covering Tracks

security
[HACKING] Phase of Ethical Hacking Phase4 - Maintaining Access
2 min read

[HACKING] Phase of Ethical Hacking Phase4 - Maintaining Access

security
[HACKING] Phase of Ethical Hacking Phase3 - Gaining Access
4 min read

[HACKING] Phase of Ethical Hacking Phase3 - Gaining Access

security
[HACKING] Phase of Ethical Hacking Phase2 - Scanning/Enumeration
2 min read

[HACKING] Phase of Ethical Hacking Phase2 - Scanning/Enumeration

security
[HACKING] Phase of Ethical Hacking Phase1 - Reconnaissance/Footprinting
2 min read

[HACKING] Phase of Ethical Hacking Phase1 - Reconnaissance/Footprinting

security
[HACKING] Phase of Ethical Hacking/Pentest(๋ชจ์˜/์œค๋ฆฌํ•ดํ‚น์˜ ๋‹จ๊ณ„)
3 min read

[HACKING] Phase of Ethical Hacking/Pentest(๋ชจ์˜/์œค๋ฆฌํ•ดํ‚น์˜ ๋‹จ๊ณ„)

security
[HACKING] OpenSSL Client ์—์„œ SSLv2 ์‚ฌ์šฉํ•˜๊ธฐ(Check DROWN Attack)
1 min read

[HACKING] OpenSSL Client ์—์„œ SSLv2 ์‚ฌ์šฉํ•˜๊ธฐ(Check DROWN Attack)

security
[HACKING] SSLv2 DROWN Attack(CVE-2016-0800) ์ทจ์•ฝ์  ๋ถ„์„ / ๋Œ€์‘๋ฐฉ์•ˆ
3 min read

[HACKING] SSLv2 DROWN Attack(CVE-2016-0800) ์ทจ์•ฝ์  ๋ถ„์„ / ๋Œ€์‘๋ฐฉ์•ˆ

security
[HACKING] NMAP Part2 - NSE(Nmap Script Engine)์„ ์ด์šฉํ•œ ์ทจ์•ฝ์  ์Šค์บ๋‹(Vulnerability scan with NSE Script)
2 min read

[HACKING] NMAP Part2 - NSE(Nmap Script Engine)์„ ์ด์šฉํ•œ ์ทจ์•ฝ์  ์Šค์บ๋‹(Vulnerability scan with NSE Script)

security
[HACKING] NMAP Part1 - nmap์„ ์ด์šฉํ•œ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ๋„คํŠธ์›Œํฌ ์Šค์บ” ๊ธฐ๋ฒ•(network scan with nmap)
3 min read

[HACKING] NMAP Part1 - nmap์„ ์ด์šฉํ•œ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ๋„คํŠธ์›Œํฌ ์Šค์บ” ๊ธฐ๋ฒ•(network scan with nmap)

security
Arachni - Web application security scanner framework
1 min read

Arachni - Web application security scanner framework

security
MSF์˜ local_exploit_suggester ๋ชจ๋“ˆ์„ ์ด์šฉํ•œ Local Exploit ์ฐพ๊ธฐ
3 min read

MSF์˜ local_exploit_suggester ๋ชจ๋“ˆ์„ ์ด์šฉํ•œ Local Exploit ์ฐพ๊ธฐ

security metasploit
[HACKING] steghide๋ฅผ ์ด์šฉํ•œ Steganography(Embed/Extract Steganography with steghide)
7 min read

[HACKING] steghide๋ฅผ ์ด์šฉํ•œ Steganography(Embed/Extract Steganography with steghide)

security
[METASPLOIT] Default Shell์„ Meterpreter Shell๋กœ ์—…๊ทธ๋ ˆ์ด๋“œํ•˜๊ธฐ(Nomal Shell to Meterpreter shell)
1 min read

[METASPLOIT] Default Shell์„ Meterpreter Shell๋กœ ์—…๊ทธ๋ ˆ์ด๋“œํ•˜๊ธฐ(Nomal Shell to Meterpreter shell)

security metasploit
SQLNinja๋ฅผ ์ด์šฉํ•œ SQL Injection ํ…Œ์ŠคํŒ…
2 min read

SQLNinja๋ฅผ ์ด์šฉํ•œ SQL Injection ํ…Œ์ŠคํŒ…

security
[SYSTEM HACKING] Remote NFS Mount ๋ฐ Metasploit nfs/nfsmount ๋ชจ๋“ˆ์„ ์ด์šฉํ•œ NFS Scan/Access
1 min read

[SYSTEM HACKING] Remote NFS Mount ๋ฐ Metasploit nfs/nfsmount ๋ชจ๋“ˆ์„ ์ด์šฉํ•œ NFS Scan/Access

security metasploit
[SYSTEM HACKING] RPC Port Map Dump๋ฅผ ์ด์šฉํ•œ ์„œ๋น„์Šค Port ํ™•์ธ
1 min read

[SYSTEM HACKING] RPC Port Map Dump๋ฅผ ์ด์šฉํ•œ ์„œ๋น„์Šค Port ํ™•์ธ

security system
A2SV(Auto Scanning to SSL Vulnerability) - SSL ์ทจ์•ฝ์  ์ ๊ฒ€ ๋„๊ตฌ
2 min read

A2SV(Auto Scanning to SSL Vulnerability) - SSL ์ทจ์•ฝ์  ์ ๊ฒ€ ๋„๊ตฌ

security
[EXPLOIT] Android sensord Local Root Exploit ๋ถ„์„(Android Exploit Anlaysis)
10 min read

[EXPLOIT] Android sensord Local Root Exploit ๋ถ„์„(Android Exploit Anlaysis)

security
[EXPLOIT] Linux Kernel REFCOUNT Overflow/UAF in Keyrings ์ทจ์•ฝ์  ๋ถ„์„
7 min read

[EXPLOIT] Linux Kernel REFCOUNT Overflow/UAF in Keyrings ์ทจ์•ฝ์  ๋ถ„์„

security system
JWT(JSON Web Token) ์ธ์ฆ๋ฐฉ์‹๊ณผ ๋ณด์•ˆํ…Œ์ŠคํŒ…, ์ทจ์•ฝ์  ๋ถ„์„
3 min read

JWT(JSON Web Token) ์ธ์ฆ๋ฐฉ์‹๊ณผ ๋ณด์•ˆํ…Œ์ŠคํŒ…, ์ทจ์•ฝ์  ๋ถ„์„

security
[EXPLOIT] Linux Kernel Overlayfs - Local Privilege Escalation ์ทจ์•ฝ์  ๋ถ„์„
8 min read

[EXPLOIT] Linux Kernel Overlayfs - Local Privilege Escalation ์ทจ์•ฝ์  ๋ถ„์„

security system
Java Applet์„ ์ด์šฉํ•œ ๊ณต๊ฒฉ ๋ฐฉ๋ฒ•๋“ค
4 min read

Java Applet์„ ์ด์šฉํ•œ ๊ณต๊ฒฉ ๋ฐฉ๋ฒ•๋“ค

security develop
TOCTOU(Time-of-check Time-of-use) Race Condition
2 min read

TOCTOU(Time-of-check Time-of-use) Race Condition

security system
MongoDB Injection์œผ๋กœ ์•Œ์•„๋ณด๋Š” NoSQL Injection
4 min read

MongoDB Injection์œผ๋กœ ์•Œ์•„๋ณด๋Š” NoSQL Injection

security
[WEB HACKING] XXN Attack(X-XSS-Nightmare) :: R-XSS Bypass Browser XSS Filter
3 min read

[WEB HACKING] XXN Attack(X-XSS-Nightmare) :: R-XSS Bypass Browser XSS Filter

security
[SYSTEM HACKING] ShellNoob๋ฅผ ์ด์šฉํ•œ Shellcode ์ž‘์„ฑ ๋ฐ ํ™œ์šฉ (Writing Shell Code with ShellNoob || Install and Using ShellNoob)
4 min read

[SYSTEM HACKING] ShellNoob๋ฅผ ์ด์šฉํ•œ Shellcode ์ž‘์„ฑ ๋ฐ ํ™œ์šฉ (Writing Shell Code with ShellNoob || Install and Using ShellNoob)

security system
64bit Linux Execve Shell Code ๋งŒ๋“ค๊ธฐ
6 min read

64bit Linux Execve Shell Code ๋งŒ๋“ค๊ธฐ

security system
[EXPLOIT] Joomla 1.5 Object Injection & Remote Command Execution ์ฝ”๋“œ ๋ถ„์„(Code Analysis)
3 min read

[EXPLOIT] Joomla 1.5 Object Injection & Remote Command Execution ์ฝ”๋“œ ๋ถ„์„(Code Analysis)

security
JS,CSS๋ฅผ ์ด์šฉํ•ด ํŒ์—… ๋ ˆ์ด์–ด ๋งŒ๋“ค๊ธฐ
2 min read

JS,CSS๋ฅผ ์ด์šฉํ•ด ํŒ์—… ๋ ˆ์ด์–ด ๋งŒ๋“ค๊ธฐ

security develop
[WEB HACKING] Weevely๋ฅผ ์ด์šฉํ•˜์—ฌ Stealth Webshell ๋งŒ๋“ค๊ธฐ(weevely ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ)
4 min read

[WEB HACKING] Weevely๋ฅผ ์ด์šฉํ•˜์—ฌ Stealth Webshell ๋งŒ๋“ค๊ธฐ(weevely ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ)

security
Burp Suite๋ฅผ ํ†ตํ•œ Android SSL Packet ๋ถ„์„(Android Proxy + SSL Certificate)
1 min read

Burp Suite๋ฅผ ํ†ตํ•œ Android SSL Packet ๋ถ„์„(Android Proxy + SSL Certificate)

security
HSTS(Http Strict Transport Security)์™€ ๋ณด์•ˆ/์นจํˆฌ ํ…Œ์ŠคํŠธ
2 min read

HSTS(Http Strict Transport Security)์™€ ๋ณด์•ˆ/์นจํˆฌ ํ…Œ์ŠคํŠธ

security
[SYSTEM HACKING] Peach Fuzzer์˜ GUI ๋ชจ๋“œ - Peach3 Fuzz Bang(Run Peach Fuzzer on GUI Interface)
1 min read

[SYSTEM HACKING] Peach Fuzzer์˜ GUI ๋ชจ๋“œ - Peach3 Fuzz Bang(Run Peach Fuzzer on GUI Interface)

security
[SYSTEM HACKING] Peach Fuzzer๋ฅผ ํ†ตํ•ด Application ๋ถ„์„ 2 - Application Fuzzing for Exploit
8 min read

[SYSTEM HACKING] Peach Fuzzer๋ฅผ ํ†ตํ•ด Application ๋ถ„์„ 2 - Application Fuzzing for Exploit

security
[SYSTEM HACKING] Peach Fuzzer๋ฅผ ํ†ตํ•ด Application ๋ถ„์„ 1 - Install Peach Fuzzer
3 min read

[SYSTEM HACKING] Peach Fuzzer๋ฅผ ํ†ตํ•ด Application ๋ถ„์„ 1 - Install Peach Fuzzer

security
[SYSTEM HACKING] Melkor ELF(Binary) Fuzzer ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ๋ฒ•(Install and Usage)
4 min read

[SYSTEM HACKING] Melkor ELF(Binary) Fuzzer ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ๋ฒ•(Install and Usage)

security
[HACKING] APKInspector๋ฅผ ์ด์šฉํ•œ Android Malware ๋ถ„์„ํ•˜๊ธฐ 2 - APKInspector๋ฅผ ์ด์šฉํ•œ Malware Analysis
3 min read

[HACKING] APKInspector๋ฅผ ์ด์šฉํ•œ Android Malware ๋ถ„์„ํ•˜๊ธฐ 2 - APKInspector๋ฅผ ์ด์šฉํ•œ Malware Analysis

security
[HACKING] APKInspector๋ฅผ ์ด์šฉํ•œ Android Malware ๋ถ„์„ํ•˜๊ธฐ 1 - APKInspector ์„ค์น˜ํ•˜๊ธฐ(Install APKInspector)
2 min read

[HACKING] APKInspector๋ฅผ ์ด์šฉํ•œ Android Malware ๋ถ„์„ํ•˜๊ธฐ 1 - APKInspector ์„ค์น˜ํ•˜๊ธฐ(Install APKInspector)

security
Binary ๋ถ„์„์„ ํ†ตํ•ด ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜์— ํฌํ•จ๋œ ์ˆจ๊ฒจ์ง„ ๋ฐ์ดํ„ฐ ์ฐพ์•„๋‚ด๊ธฐ
4 min read

Binary ๋ถ„์„์„ ํ†ตํ•ด ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜์— ํฌํ•จ๋œ ์ˆจ๊ฒจ์ง„ ๋ฐ์ดํ„ฐ ์ฐพ์•„๋‚ด๊ธฐ

security
[WEB HACKING] URL Redirection & URL Forwards ์šฐํšŒ ๊ธฐ๋ฒ•(Bypass Redirection Filtering)
3 min read

[WEB HACKING] URL Redirection & URL Forwards ์šฐํšŒ ๊ธฐ๋ฒ•(Bypass Redirection Filtering)

security
[EXPLOIT] OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) ์ทจ์•ฝ์  ๋ถ„์„
4 min read

[EXPLOIT] OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) ์ทจ์•ฝ์  ๋ถ„์„

security
[EXPLOIT] ์‚ผ์„ฑ(Samsung) SecEmailUI.apk ์ทจ์•ฝ์ (Vulnerability SecEmailUI.apk on Android) #edb-38554 / CVE-2015-7893
3 min read

[EXPLOIT] ์‚ผ์„ฑ(Samsung) SecEmailUI.apk ์ทจ์•ฝ์ (Vulnerability SecEmailUI.apk on Android) #edb-38554 / CVE-2015-7893

security
[METASPLOIT] Android Meterpreter Shell ๋ถ„์„ - Part 1 Meterpreter APK Analysis
2 min read

[METASPLOIT] Android Meterpreter Shell ๋ถ„์„ - Part 1 Meterpreter APK Analysis

security metasploit
[METASPLOIT] Metasploit Custom Scanner ๋งŒ๋“ค๊ธฐ(Make Simple Scan Module)
2 min read

[METASPLOIT] Metasploit Custom Scanner ๋งŒ๋“ค๊ธฐ(Make Simple Scan Module)

security metasploit
[METASPLOIT] Metasploit์—์„œ generate ๋ช…๋ น์„ ํ†ตํ•ด payload ์ƒ์„ฑํ•˜๊ธฐ(generate shellcode on metasploit)
3 min read

[METASPLOIT] Metasploit์—์„œ generate ๋ช…๋ น์„ ํ†ตํ•ด payload ์ƒ์„ฑํ•˜๊ธฐ(generate shellcode on metasploit)

security metasploit
ActiveX ์ทจ์•ฝ์  ๋ถ„์„ ๋ฐฉ๋ฒ•(ActiveX Vulnerability Analysis)
4 min read

ActiveX ์ทจ์•ฝ์  ๋ถ„์„ ๋ฐฉ๋ฒ•(ActiveX Vulnerability Analysis)

security
[HACKING] BDF(BackDoor-Factory) ์„ค์น˜ ๋ฐ exe ํŒŒ์ผ์— backdoor ํŒจ์น˜ํ•˜๊ธฐ(patch executable binaries with user desired shellcode)
4 min read

[HACKING] BDF(BackDoor-Factory) ์„ค์น˜ ๋ฐ exe ํŒŒ์ผ์— backdoor ํŒจ์น˜ํ•˜๊ธฐ(patch executable binaries with user desired shellcode)

security
[METASPLOIT] Veil Framework(Payload Generator)๋ฅผ ์ด์šฉํ•œ Antivirus ์šฐํšŒํ•˜๊ธฐ
1 min read

[METASPLOIT] Veil Framework(Payload Generator)๋ฅผ ์ด์šฉํ•œ Antivirus ์šฐํšŒํ•˜๊ธฐ

security metasploit
[Exploit] SSLv3 POODLE Attack ํ™•์ธ ๋ฐ ๋Œ€์‘๋ฐฉ์•ˆ(Check and Modify)
4 min read

[Exploit] SSLv3 POODLE Attack ํ™•์ธ ๋ฐ ๋Œ€์‘๋ฐฉ์•ˆ(Check and Modify)

security
[EXPLOIT] StageFright Exploit Code ๋ถ„์„(StageFrigt Exploit Analysis)
10 min read

[EXPLOIT] StageFright Exploit Code ๋ถ„์„(StageFrigt Exploit Analysis)

security
[EXPLOIT] YESWIKI 2.0 Path Traversal Vulnerability
1 min read

[EXPLOIT] YESWIKI 2.0 Path Traversal Vulnerability

security
/proc/self/maps ํŒŒ์ผ์„ ์ด์šฉํ•˜์—ฌ ์‹คํ–‰์ค‘์ธ ์‹œ์Šคํ…œ ๋ฉ”๋ชจ๋ฆฌ ์ฃผ์†Œ ํ™•์ธํ•˜๊ธฐ
1 min read

/proc/self/maps ํŒŒ์ผ์„ ์ด์šฉํ•˜์—ฌ ์‹คํ–‰์ค‘์ธ ์‹œ์Šคํ…œ ๋ฉ”๋ชจ๋ฆฌ ์ฃผ์†Œ ํ™•์ธํ•˜๊ธฐ

security system
[HACKING] Android UnPacker - APK ๋‚œ๋…ํ™” ํ’€๊ธฐ(APK Deobfuscation)
3 min read

[HACKING] Android UnPacker - APK ๋‚œ๋…ํ™” ํ’€๊ธฐ(APK Deobfuscation)

security
[SYSTEM HACKING] RIPS - Source Code Vulnerability Scanner(์†Œ์Šค์ฝ”๋“œ ์ทจ์•ฝ์  ๋ถ„์„ ํˆด)
1 min read

[SYSTEM HACKING] RIPS - Source Code Vulnerability Scanner(์†Œ์Šค์ฝ”๋“œ ์ทจ์•ฝ์  ๋ถ„์„ ํˆด)

security
[HACKING] TOR๋ฅผ ์ด์šฉํ•˜์—ฌ ์ต๋ช… ๋„คํŠธ์›Œํฌ ์‚ฌ์šฉํ•˜๊ธฐ(Anonymity Network Using Tor) on linux
1 min read

[HACKING] TOR๋ฅผ ์ด์šฉํ•˜์—ฌ ์ต๋ช… ๋„คํŠธ์›Œํฌ ์‚ฌ์šฉํ•˜๊ธฐ(Anonymity Network Using Tor) on linux

security system
Trinity๋ฅผ ํ™œ์šฉํ•œ System call Fuzzing
3 min read

Trinity๋ฅผ ํ™œ์šฉํ•œ System call Fuzzing

security system
[METASPLOIT] Metasploit ์„ค์น˜(bundle install) ์‹œ ๋ฐœ์ƒ ์—๋Ÿฌ ์ฒ˜๋ฆฌ(Install Metasploit troubleshooting)
2 min read

[METASPLOIT] Metasploit ์„ค์น˜(bundle install) ์‹œ ๋ฐœ์ƒ ์—๋Ÿฌ ์ฒ˜๋ฆฌ(Install Metasploit troubleshooting)

security metasploit
[SYSTEM HACKING] ์†Œํ”„ํŠธ์›จ์–ด ๋ฒ„๊ทธ๋ฅผ ์ด์šฉํ•œ ์‹œ์Šคํ…œ ์ทจ์•ฝ์ /ํ•ดํ‚น(System vulnerability&hacking use software bug)
2 min read

[SYSTEM HACKING] ์†Œํ”„ํŠธ์›จ์–ด ๋ฒ„๊ทธ๋ฅผ ์ด์šฉํ•œ ์‹œ์Šคํ…œ ์ทจ์•ฝ์ /ํ•ดํ‚น(System vulnerability&hacking use software bug)

security
[HACKING] katoolin ์„ ์ด์šฉํ•œ Kali Linux Hacking tool ๊ฐ„ํŽธ ์„ค์น˜(Easy Install Kali Linux Hacking Tool)
3 min read

[HACKING] katoolin ์„ ์ด์šฉํ•œ Kali Linux Hacking tool ๊ฐ„ํŽธ ์„ค์น˜(Easy Install Kali Linux Hacking Tool)

security system
[HACKING] BeEF(The Browser Exploitation Framework) ์„ค์น˜ํ•˜๊ธฐ(Install BeEF on Debian)
1 min read

[HACKING] BeEF(The Browser Exploitation Framework) ์„ค์น˜ํ•˜๊ธฐ(Install BeEF on Debian)

security
[METASPLOIT] Metasploit์˜ AutoRunScript๋ฅผ ์ด์šฉํ•œ ์นจํˆฌ ํ›„ ์ž๋™ ํ™˜๊ฒฝ ๊ตฌ์„ฑ
1 min read

[METASPLOIT] Metasploit์˜ AutoRunScript๋ฅผ ์ด์šฉํ•œ ์นจํˆฌ ํ›„ ์ž๋™ ํ™˜๊ฒฝ ๊ตฌ์„ฑ

security metasploit
[METASPLOIT] Metasploit ์„ ์ด์šฉํ•œ HashDump ๋ฐ Password Crack(John the Ripper)
3 min read

[METASPLOIT] Metasploit ์„ ์ด์šฉํ•œ HashDump ๋ฐ Password Crack(John the Ripper)

security metasploit
[METASPLOIT] Metasploit ์—์„œ์˜ WMAP ๋ชจ๋“ˆ ๋กœ๋“œ ๋ฐ ์‚ฌ์šฉ/์Šค์บ”(Web Vulnerability Scan on MSF-WMAP)
2 min read

[METASPLOIT] Metasploit ์—์„œ์˜ WMAP ๋ชจ๋“ˆ ๋กœ๋“œ ๋ฐ ์‚ฌ์šฉ/์Šค์บ”(Web Vulnerability Scan on MSF-WMAP)

security metasploit
[Android] aapt ๋ฅผ ์ด์šฉํ•˜์—ฌ AndroidManifest.xml ๋ฐ ํผ๋ฏธ์…˜(perm) ํ™•์ธํ•˜๊ธฐ(malware analysis)
6 min read

[Android] aapt ๋ฅผ ์ด์šฉํ•˜์—ฌ AndroidManifest.xml ๋ฐ ํผ๋ฏธ์…˜(perm) ํ™•์ธํ•˜๊ธฐ(malware analysis)

security
[LAIKABOSS]๋กํžˆ๋“œ๋งˆํ‹ด(Lockheed Martin)์˜ ๋ผ์ด์ปค๋ณด์Šค(LAIKABOSS) ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ/๊ฐ„๋‹จ๋ถ„์„
2 min read

[LAIKABOSS]๋กํžˆ๋“œ๋งˆํ‹ด(Lockheed Martin)์˜ ๋ผ์ด์ปค๋ณด์Šค(LAIKABOSS) ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ/๊ฐ„๋‹จ๋ถ„์„

security
[HACKING] WEBSPLOIT - MITM Attack Framework ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ
3 min read

[HACKING] WEBSPLOIT - MITM Attack Framework ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ

security
[WEB HACKING] PHP Injection(code injection) ๋ฐ ๊ณต๊ฒฉ์ž ๋ถ„์„(Attack/Check Point/after Action)
3 min read

[WEB HACKING] PHP Injection(code injection) ๋ฐ ๊ณต๊ฒฉ์ž ๋ถ„์„(Attack/Check Point/after Action)

security
OpenVAS Debian Linux ์— ์„ค์น˜ํ•˜๊ธฐ(Install OpenVAS Scanner on debian)
1 min read

OpenVAS Debian Linux ์— ์„ค์น˜ํ•˜๊ธฐ(Install OpenVAS Scanner on debian)

security system
[METASPLOIT] MSF์—์„œ workspace๋ฅผ ์ด์šฉํ•œ ํšจ์œจ์ ์ธ Target ๊ด€๋ฆฌ(workspace management)
1 min read

[METASPLOIT] MSF์—์„œ workspace๋ฅผ ์ด์šฉํ•œ ํšจ์œจ์ ์ธ Target ๊ด€๋ฆฌ(workspace management)

security metasploit
[METASPLOIT] MSF์—์„œ Postgres DB ์—ฐ๊ฒฐ ๋ฐ ์‚ฌ์šฉํ•˜๊ธฐ
2 min read

[METASPLOIT] MSF์—์„œ Postgres DB ์—ฐ๊ฒฐ ๋ฐ ์‚ฌ์šฉํ•˜๊ธฐ

security metasploit
MSFVENOM์„ ์ด์šฉํ•œ Android ์นจํˆฌ ๋ฐ Meterpreter Shell ์‚ฌ์šฉ
3 min read

MSFVENOM์„ ์ด์šฉํ•œ Android ์นจํˆฌ ๋ฐ Meterpreter Shell ์‚ฌ์šฉ

security metasploit
XSS(Cross Site Script)์™€ XFS(Cross Frame Script)์˜ ์ฐจ์ด
2 min read

XSS(Cross Site Script)์™€ XFS(Cross Frame Script)์˜ ์ฐจ์ด

security
HEX Encoding์„ ์ด์šฉํ•œ XSS ํ•„ํ„ฐ๋ง ์šฐํšŒ
2 min read

HEX Encoding์„ ์ด์šฉํ•œ XSS ํ•„ํ„ฐ๋ง ์šฐํšŒ

security
์•ˆ๋“œ๋กœ์ด๋“œ ์ฝ”๋“œ๋‹จ์—์„œ ๋ฃจํŒ… ๊ธฐ๊ธฐ๋ฅผ ํ™•์ธํ•˜๋Š” ๋ฐฉ๋ฒ•๋“ค
1 min read

์•ˆ๋“œ๋กœ์ด๋“œ ์ฝ”๋“œ๋‹จ์—์„œ ๋ฃจํŒ… ๊ธฐ๊ธฐ๋ฅผ ํ™•์ธํ•˜๋Š” ๋ฐฉ๋ฒ•๋“ค

security
JAD(Java Decompiler)๋ฅผ ์ด์šฉํ•œ Android APK Decompile
4 min read

JAD(Java Decompiler)๋ฅผ ์ด์šฉํ•œ Android APK Decompile

security
[CVE-2015-1328] overlayfs local root exploit
5 min read

[CVE-2015-1328] overlayfs local root exploit

security
Javascript ์ฝ”๋“œ ๋‚œ๋…ํ™”(Code Obfuscation)์™€ JS Packing
3 min read

Javascript ์ฝ”๋“œ ๋‚œ๋…ํ™”(Code Obfuscation)์™€ JS Packing

security develop
Linux System hooking using LD_PRELOAD
5 min read

Linux System hooking using LD_PRELOAD

security system
MSFVENOM์„ ์ด์šฉํ•˜์—ฌ Application์— Exploit Code ์ฃผ์ž…ํ•˜๊ธฐ
1 min read

MSFVENOM์„ ์ด์šฉํ•˜์—ฌ Application์— Exploit Code ์ฃผ์ž…ํ•˜๊ธฐ

security metasploit
Android ๋””๋ฐ”์ด์Šค์—์„œ ์„ค์น˜๋œ APK ํŒŒ์ผ ์ถ”์ถœํ•˜๊ธฐ (adb x pm)
1 min read

Android ๋””๋ฐ”์ด์Šค์—์„œ ์„ค์น˜๋œ APK ํŒŒ์ผ ์ถ”์ถœํ•˜๊ธฐ (adb x pm)

security
HTTP.sys Remote Code Exploit(CVE-2015-1635/MS15-034) ์ทจ์•ฝ์ 
2 min read

HTTP.sys Remote Code Exploit(CVE-2015-1635/MS15-034) ์ทจ์•ฝ์ 

security
SWF ๋””์ปดํŒŒ์ผ๋Ÿฌ FFDEC (JPEX Free Flash Decompiler)
1 min read

SWF ๋””์ปดํŒŒ์ผ๋Ÿฌ FFDEC (JPEX Free Flash Decompiler)

security
HTML Event Handler๋ฅผ ์ด์šฉํ•œ XSS
10 min read

HTML Event Handler๋ฅผ ์ด์šฉํ•œ XSS

security
NTFS File System ์˜ ์ˆจ๊ฒจ์ง„ ์˜์—ญ ADS(Alternate Data Stream)
2 min read

NTFS File System ์˜ ์ˆจ๊ฒจ์ง„ ์˜์—ญ ADS(Alternate Data Stream)

security system
iOS์—์„œ usb ํ„ฐ๋„์„ ํ†ตํ•œ SSH ์—ฐ๊ฒฐ ๋ฐฉ๋ฒ•
1 min read

iOS์—์„œ usb ํ„ฐ๋„์„ ํ†ตํ•œ SSH ์—ฐ๊ฒฐ ๋ฐฉ๋ฒ•

security
Short XSS! ๊ณต๊ฒฉ๊ตฌ๋ฌธ ์‚ฝ์ž…๋ถ€๋ถ„์ด ์ž‘์„๋•Œ XSS๋ฅผ ์‚ฝ์ž…ํ•˜๋Š” ๋ฐฉ๋ฒ•๋“ค
1 min read

Short XSS! ๊ณต๊ฒฉ๊ตฌ๋ฌธ ์‚ฝ์ž…๋ถ€๋ถ„์ด ์ž‘์„๋•Œ XSS๋ฅผ ์‚ฝ์ž…ํ•˜๋Š” ๋ฐฉ๋ฒ•๋“ค

security
OpenSSL์„ ์ด์šฉํ•œ RSA ๊ณต๊ฐœํ‚ค, ๊ฐœ์ธํ‚ค ์ƒ์„ฑ
1 min read

OpenSSL์„ ์ด์šฉํ•œ RSA ๊ณต๊ฐœํ‚ค, ๊ฐœ์ธํ‚ค ์ƒ์„ฑ

security

Latest Posts

Hello Caido ๐Ÿ‘‹๐Ÿผ
2 min read

Hello Caido ๐Ÿ‘‹๐Ÿผ

HAHWUL's Picture
HAHWUL
CORS Bypass via dot
2 min read

CORS Bypass via dot

HAHWUL's Picture
HAHWUL

Explore Tags

cullinan develop go jekyll metasploit oast rails ruby security system zap