Sunggwan Choi - Noob to !Noob

WinAPI, Covenant, Donut, and Custom Dropper

SummaryCovenant dropper in actionFor the past couple of days, I have finally decided to dive deeper into the world of custom payload generation. So I have created a very simple custom dropper utilizing WinAPI through C++, Covenant agent, and Donut. This was a fun

트위터

[KOR] 트위터 URL Redirection/Hijacking

If you are an English speaker, please check out the english version of this blog post here! (link TBD). <Note: 이 프로젝트를 진행하는데 있어 실제 트위터 URL Redirection 및 도메인 구입/등록은 하지 않았습니다. 어디까지나 이런 일이 가능하다라는 것을 보여주기 위한 글입니다.>

I Created a Fake Company Infrastructure for Student Club Members to Hack

< This post have been updated with a new URL because me and my colleague decided to change some content. > Please go here, sorry! - https://blog.sunggwanchoi.com/we-created-a-fake-company-infrastructure/ Summary As current leaders of Rochester Institute of Technology's Penetration Testing group (RVAPT)

RVAPT

시나리오 기반의 모의침투테스트 대회를 진행하며

요약(영어가 편하신 분들 or If you are an English speaker, please read the english version of this article here - https://blog.sunggwanchoi.com/we-created-a-fake-company-infrastructure/) 이번 봄학기 1월 초, 나와 내 친구는 학교의 취약점 진단 및 모의침투테스트 그룹의 공동리더가 됐다. 이 기회를 살려

RVAPT

We Created a Fake Company Infrastructure for Student Club Members to Hack

Summary As current leaders of Rochester Institute of Technology's Penetration Testing group (RVAPT), my colleague and I created a mini-competition that simulated a fake organization's IT infrastructure for the students to do a penetration testing on. With the help of my colleague and co-leader

RVAPT - 6 - Post Exploitation

Note - Where's RVAPT 2~5 ?!The RVAPT blog series were suppose to be updated over the spring break (3/9~3/16). However, due to the corona virus outbreak, my entire schedule and to-do lists have gone through rapid changes. RVAPT education schedule

RVAPT

RVAPT - 1 - Pre Engagement

Slides Link BackgroundIn week 1 of RVAPT, the group have went over the Pre-Engagement phase of the penetration testing. There was a clear reason why RVAPT started off with non-technical, a bit "boring" side of Offensive Security. This is because Pre-Engagement is essential in

RVAPT

RVAPT 0 - Introduction

SlidesRVAPT 0 - Introduction Slides DemoN/A - For introduction week, there was no demo The BackgroundIn my school, Rochester Institute of Technology (RIT), Computing Security (CSEC) is one of a big computing major. One aspect that I absolutely love about RIT and CSEC

CPTC

[Kor] CPTC 대회 소개와 리뷰

2019 International CPTC 2위를 수상한 우리팀2019년 11월 24일, 최근 내가 속해있는 팀이 국제 CPTC (Collegiate Penetration Testing Competition) 대회에서 60개팀 중 2등을 수상했다. CPTC 자체가 상당히 특이한 대회이고, 또 내가 개인적으로 재미있게 준비하고 참가한 대회라서 이렇게 블로그 글을 남겨본다. CPTC가 어떤 형태의 대회인지, 어떻게

OSCP

OSCP Review as a Normal Student

< Note: This post was written in August 2019, and has been ported to this new blog of mine > I became an OSCP at 07/28/2019! During my preparation, I've read through multiple OSCP Reviews, only to find most of them were