More in Security

How Attackers Hack Mobile Devices - Real Scenarios

How Attackers Actually Hack Mobile Devices: Real Scenarios and Defenses

Assumed Breach Methodology: Building the Technical Controls

Before you start: This post is the hands-on technical guide. If you’re new to the Assumed Breach concept, read Assumed...

Mobile App Internals - Lifecycle, Instant App, IPC & Instance Call

Mobile App Internals: Lifecycle, Instant App, IPC & Instance Call

Open Source Intelligence (OSINT)

Technical Deep Dive into OSINT and Dual-Perspective Strategies

OWASP Smart Contract Top 10 - 2025

OWASP Smart Contract Top 10 - 2025

OpenCTI

OpenCTI is best understood as “a knowledge base and hub that organizes threat intelligence so that people and organizations can...

Cyber Kill Chain

All About the Cyber Kill Chain and Attack Infrastructure

Key Roles in Data Governance and System Security

Key Roles in Data Governance and System Security

Assumed Breach

Assumed Breach: A Paradigm Shift in Security Architecture

Social Engineering

Social Engineering: The Art of Hacking the Human OS

EDR Bypass

EDR Bypass Techniques: Understanding Attack Methods and Defense Strategies

Endpoint Detection and Response (EDR)

Understanding EDR: Endpoint Detection and Response

AWS Network ACL (NACL)

Complete Guide to AWS Network Security: VPC, NACL, and Security Groups

Cloud Security Overview

When focusing on cloud security, one must consider securing infrastructure, network, data, applications, and managing identities and access, security operations,...

Security Control Domains and Associated Roles

Understanding Information Security: Key Areas and Practices

Payments Industry and Regulatory Concepts

Key Drivers of Industry and Regulatory Compliance: Core Standards and Concepts

Risk Management Methodology

Risk Management Methodology

Payment Ecosystem

Payment Ecosystem

Diamond Model of Intrusion Analysis

What is the Diamond Model of Intrusion Analysis?

Threat Modeling

Threat Modeling Practical Guide

Security Information and Event Management (SIEM)

What is Security Information and Event Management (SIEM)?

IDS & IPS

What is an Intrusion Detection System (IDS)?

MITRE ATT&CK

MITRE ATT&CK Framework: Understanding Cyber Threats and Defense Strategies

Server-Side Template Injection (SSTI)

Server-Side Template Injection (SSTI) — Practical Attacks and Defenses

Web Application Firewall (WAF)

What is a WAF? A WAF (Web Application Firewall) is a security solution that operates at OSI Layer 7 (the...

Web Shells and Reverse Shells

1. Web Shells: The Master Key to the Web Server

Secure Code Review

Secure Code Review: Reading Code Through an Attacker’s Eyes in JavaScript and Node.js

HTTP Status Codes

HTTP Status Codes

Browser Extension Penetration Test

Browser Extension Security

JWT Penetration Test

Core JWT Vulnerability Analysis and Attack Scenarios

Simple Object Access Protocol (SOAP)

1. Basic Concepts of SOAP

File Upload Feature Penetration Test

When a file upload feature is present, you should check the following items. Fundamentally, from a developer’s perspective, a whitelist...

Dissecting HTTP Headers

Analyzing HTTP Headers in Web Penetration Testing

OWASP Top 10 Mobile - 2024

OWASP Mobile Top 10 Risks: 2024 Edition

Cookie & Session Security

Differences Between Cookies and Sessions

iOS Sideloading with Xcode

iOS Sideloading with Xcode: A Practical Guide for Mobile Pentesters

Injection Attacks Beyond SQL and XSS

1. Command Injection: The Shell is the Limit

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF): When Your Server Becomes an Attacker’s Proxy

Cross-Site Request Forgery (CSRF)

The Cross-Site Request Forgery (CSRF) Attack

Cross-Site Scripting Attack (XSS)

The Cross-Site Scripting Attack

SQL Injection

SQL Injection: When Data Becomes Code

Passkey

Definition and Concept of Passkeys

Fast Identity Online (FIDO) & WebAuthn

The Core Philosophy of FIDO (Fast Identity Online)

Single Sign-On (SSO)

What is SSO (Single Sign-On) and Why is it Important?

Security Assertion Markup Language (SAML)

What is SAML (Security Assertion Markup Language)?

OpenID Connect & OAuth 2.0

OpenID Connect (OIDC) vs. OAuth 2.0

Authentication and Authorization - JWT

Active Directory and LDAP

What is Active Directory (AD)?

Bypassing the Client-Side Authentication Mechanism

Mobile App Penetration Testing: Local Data Storage & Extraction

OWASP Top 10 - 2021

2021 Top 10 Web Application Security Risks

Frida

1. Advanced Frida Scripting: Controlling App Internals and Data Extraction

Obfuscation

A Smokescreen in the Code: Obfuscation and the Art of Lifting the Veil

Bypass pinning by repackaging - Android

Mastering SSL Pinning Bypass: From Package Repackaging to Automated Tools

Certificate Pinning

What is Certificate Pinning?

Rooting & Jailbreak

The Art of Breaking System Locks: Everything About Rooting and Jailbreaking

Android Key Store & iOS Keychain

Fort Knox on Your Phone: Understanding & Pentesting Android KeyStore and iOS Keychain

The Anatomy of Mobile App

The Anatomy of Mobile App and Penetration Testing Common Types of Sensitive Information to Look For

Mobile Platform Security

Mobile Platform Security: A Comparative Analysis of iOS and Android Strategies

Types of Mobile App

The three main approaches to mobile application development are Native, Cross-Platform, and Hybrid apps. Each method has its unique characteristics,...

Proxy Protocols

Understanding ‘Proxy Protocols’: Overcoming the Limitations of Smart Contracts

Decentralized Finance (DeFi)

What is DeFi (Decentralized Finance)?

Smart Contract

Basic Concepts of Smart Contracts

What is Blockchain?

What is Blockchain Technology?

Lightning Network

Bitcoin: Bitcoin is based on the premise that you don’t need to trust anyone, recording all transaction details in blocks...

WiFi Pineapple

WiFi Pineapple Analysis: A Threat Exploiting Fundamental Vulnerabilities in Trust-Based Wireless Networks

Address Resolution Protocol (ARP)

How to Find a MAC Address Using an IP Address: A Complete Guide to ARP (Address Resolution Protocol)

Zero Trust Architecture

Zero Trust Architecture: A New Paradigm in Modern Cybersecurity

OSI 7 & TCP/IP

Introduction to the OSI Model

Virtual Private Networks (VPN)

Concepts and Security Mechanisms of VPNs (Virtual Private Networks)

DNS Data Exfiltration

DNS Operating Principles

TCP/UDP

TCP/UDP Protocol Security: Analysis of Vulnerabilities and Attack Techniques

Packet Sniffing and Spoofing

1. The Difference Between Sniffing and Spoofing

Open Network Vulnerabilities

Open Network Vulnerabilities: Risks and Security Measures

Everything about TLS

Everything About TLS (Transport Layer Security)

PGP and S/MIME

1. Core Principles of PGP (Pretty Good Privacy)

Certificate Generation By Using OpenSSL

Certificate Generation: Using OpenSSL to Create CA, Client, and Server Certificates

Encoding And Decoding

The Concepts of Encoding and Decoding

Digital Signatures and Certificates

Everything About Digital Signatures and Certificates: A Complete Guide to PKI

Hash & Encryption

Hash and Encryption: Key Concepts and Differences

Hack the Box Introduction

Getting started: Install OpenVPN. After logging in through the link, click CONNECT TO HTB on the right. Then, below that, click Starting Point or the machine you want to run....

Metasploit

Metasploit Framework

SolarWinds hack

Overview: SolarWinds is an enterprise software company whose products support the management of network, system, and IT infrastructure. One of the company’s products, Solarwinds Orion, ...

SSH Vulnerabilities

What is SSH? Short for Secure Shell, it refers to a protocol for securely controlling a remote computer through a shell, or to a program that uses this protocol. The port number is...

OWASP Top 10 Mobile - 2017

OWASP Top 10 Mobile Risks: A Complete Guide

The Dirty COW Race Condition Attack

Introduction

Race Condition Vulnerability

Introduction

Return to libc Attack

Introduction

Buffer overflow attack

Memory Layout of a Typical C Process

Shellshock Attack

What is a Shell?

SET-UID Program

SET-UID Programs and Privilege Escalation

Evidence

Evidence items must be properly preserved in an appropriate environment.

Crime Investigation

Chain of Custody: If there is any defect in the chain of custody, the evidence will not be admitted at trial. Every time evidence items are moved, a record must be made; the first record is when...

Introduction to Forensics

Introduction: What is forensics? The use of science and technology to investigate and establish facts in criminal or civil courts of law....

OWASP Top 10 - 2017

2017 Top 10 Web Application Security Risks A1:Injection