7/23/2020

Observe new subdomain using findomain + monitor flag (Continuously monitoring subdomains)

Hi hackers and bugbounty hunters. Today I'm going to talk about findomain monitor options. Since the config option has been added, it is very simple to configure the monitoring environment. Speed, usability, everything => findomain. While looking around, I found that findomain has a monitor option, so I tested it while trying it out and am writing it up. findomain...

7/18/2020

pet and hack-pet. managing command snippets for security testing

Hi, hackers and bugbounty hunters :D Today, I'd like to talk about how to easily manage your command snippets, and, going further, about a project for sharing and using snippets together. What is pet? Recently,...

7/04/2020

One custom certificate, Using all tools and your devices (for bug bounty/pentesting)

I use Burp pro, ZAP, and a CLI-based proxy. When it comes to simply testing the web, it isn't a big deal, but when testing mobile, the certificate is quite annoying. (Especially the test phones that are temporarily used..) So, starting this year, we have created a custom certificate rather than the default...

6/20/2020

Bypassing string base XSS protection with Optional chaining

Hi hackers and bugbounty hunters :D Today, I share a very very very simple tip for XSS. I found an interesting XSS code while reading your tweet. void''??globalThis?.alert?.(...[0b1_0_1_0_0_1_1_1_0_0_1,],)  Sometimes, shared from hunters, payload certainly contains...

6/16/2020

Various exploiting techniques using the e-mail format (You've got email pwned korean review)

Recently, nahamcon2020 came to an end. It was difficult for me to watch it in my time zone, so I just looked at the documents after it was over. They were all very interesting and I learned a lot of new things. Today I'm going to talk about the email attack, which I found the most interesting among them. Of course,...

5/31/2020

Setup bugbounty hunting env on termux :D

The termux in my memory was Linux on Android, which was only available with some Linux commands. So I usually remember using it on a rooted device. Recently, I found out from tweets by 1ndianl33t that packages such as rust and golang can be used on termux, so I finally set them up on the test phone...