Finding Hidden Parameters: Advanced Enumeration Guide
Reconnaissance plays an integral part in bug bounty hunting, with hidden parameter discovery an even more crucial role as they...
I took my laptop on the road and outside several times this week while it was sunny, and it made...
By default AI will magnify gaps between good and bad students June 1, 2025 I’ve got a one-liner for what...
I have two groups of very smart cybersecurity friends, and they see AI completely differently. The first group thinks AI...
How to make plugin Create a new repository using Caido’s starterkit-plugin GitHub template feature. Then, you can install dependencies...
ZAP 2.15 has been released. Because 2.14 was released quickly due to the issue of leaving OWASP, the time until 2.15 was also short. Today, regarding version 2.15, I'll quickly...
Optimizing Security Tests with Match and Replace in Burp/Caido/ZAP Recently, I have been using all of Burpsuite, Caido, and ZAP. In my existing environment, Caido...
Harmoniously Combining Warp Themes and Vim Themes When you use lunarvim, lazyvim, or neovim in Warp with a theme applied directly, the margins, as shown below,...
Resolving ZAP 2.15 Crashes on macOS with Java Version Issues Recently, I encountered persistent crashes while running ZAP 2.15 on...
Something Between Function Name and Parentheses and XSS, Shazzer Recently, @Gareth Heyes has again been looking for interesting browser engine rules. X...
input-hidden + oncontentvisibilityautostatechange = XSS @kinugawamasato has brought a really cool payload. As I mentioned in my recent post XSS Bypass: alert_?_(45), these days XSS...
History of OWASP Top 10 | HAHWUL 2021 A1 Broken Access Control A2 Cryptographic Failures A3 Injection A4 Insecure Design...