Blog Counter

CHW cybersecurity blog posts

[OSWE, WEB-300] Instructional notes - Part 1

OSWA WEB-300 筆記 Part 1,涵蓋 Managed .NET Code, Decompiling Java Classes 教學、ManageEngine AMUserResourceSyncServlet servlet SQLi 攻擊。

2026-03-09 · 26 min · 5437 words · CHW

[AI] Penetration Testing Notes: Recon, Web, Privilege Escalation, AD, and Pivoting

Penetration testing notes by CHW covering reconnaissance, enumeration, web exploitation, privilege escalation, Active Directory, tunneling, and practical labs.

2026-02-28 · 3 min · 496 words · CHW

[AI] Red Team Notes: OPSEC, Lateral Movement, AD Persistence, and Operator Workflow

Red team notes by CHW covering OPSEC, lateral movement, Active Directory persistence, credential attacks, pivoting, and operator-focused offensive workflows.

2026-02-28 · 3 min · 445 words · CHW

[AI] Web Security Notes: Web Recon, XSS, SSTI, SSRF, IDOR, and Exploitation Cases

Web security notes by CHW covering web reconnaissance, XSS, SSTI, SSRF, IDOR, exploitation workflows, and practical offensive security labs.

2026-02-28 · 3 min · 555 words · CHW

[OSWA, WEB-200] Instructional notes - Part 2

OSWA WEB-200 筆記 Part 2,聚焦 SSTI、command injection、SSRF、IDOR 與常見 Web 漏洞重點。

2026-02-05 · 24 min · 5072 words · CHW

[OSWA, WEB-200] Instructional notes - Part 1

OSWA WEB-200 筆記 Part 1,涵蓋 web application recon、Burp Suite、XSS、CSRF、SQLi 與 XML 攻擊。

2026-01-29 · 25 min · 5325 words · CHW

美國國防部 DOD 5220.22-M 標準 銷毀儲存媒體資料

說明 DOD 5220.22-M 與 NIST 800-88 的儲存媒體抹除與銷毀方法,比較常見處理原則與差異。

2026-01-19 · 3 min · 455 words · CHW

[OSCP, PEN-200] Cheat Sheet

OSCP PEN-200 cheat sheet covering reconnaissance, scanning, web attacks, enumeration, and commonly used exam commands.

2025-12-22 · 14 min · 2890 words · CHW

CYBERSEC 2025 臺灣資安大會 「Operations Security (OPSEC) — 紅隊不被抓到的秘密!」 (Steven Meow)

CYBERSEC 2025 OPSEC 議程筆記,聚焦紅隊隱匿、C2 管理、網路匿名化與降低偵測風險的實戰重點。

2025-11-19 · 10 min · 2058 words · CHW

DEVCORE CONFERENCE 2024 「牆の調查:致 WAF 前的你」 (Mico)

DEVCORE CONFERENCE 2024 議程筆記,探討 WAF 原理、繞過案例與紅隊實戰中的觀察重點。

2025-11-17 · 8 min · 1505 words · CHW

Github Visitor Counter 安裝指南 |Cloudflare Workers + KV

使用 Cloudflare Workers + KV 建立 GitHub 訪客計數器的繁中安裝指南,包含 SVG 輸出、快取與部署流程。

2025-10-29 · 2 min · 338 words · CHW

Github Visitor Counter Installation Guide|Cloudflare Workers + KV

English setup guide for a GitHub visitor counter using Cloudflare Workers + KV, including SVG output, caching, and deployment notes.

2025-10-21 · 3 min · 448 words · CHW

HackTheBox: EscapeTwo [Active Directory]

Hack The Box EscapeTwo Active Directory writeup covering enumeration, credential abuse, lateral movement, and domain compromise.

2025-08-30 · 21 min · 4336 words · CHW

HackTheBox: Puppy [Active Directory]

Hack The Box Puppy Active Directory writeup covering domain enumeration, credential abuse, privilege escalation, and compromise steps.

2025-08-30 · 12 min · 2397 words · CHW

HackTheBox: TheFrizz [Active Directory]

Hack The Box TheFrizz Active Directory writeup covering domain enumeration, attack chain development, and escalation.

2025-08-30 · 12 min · 2476 words · CHW

HackTheBox: Heal

Hack The Box Heal writeup covering reconnaissance, application analysis, exploitation, foothold, and privilege escalation.

2025-04-24 · 11 min · 2197 words · CHW

HackTheBox: Titanic

Hack The Box Titanic writeup covering reconnaissance, web exploitation, foothold, and privilege escalation steps.

2025-04-23 · 3 min · 551 words · CHW

HackTheBox: Dog

Hack The Box Dog writeup covering reconnaissance, exploitation path, foothold, and privilege escalation workflow.

2025-04-20 · 6 min · 1137 words · CHW

HackTheBox: Code

Hack The Box Code writeup covering enumeration, foothold, exploitation, and post-exploitation notes for the target machine.

2025-04-19 · 8 min · 1644 words · CHW

HackTheBox: Codify

Hack The Box Codify writeup covering enumeration, initial access, exploitation, and privilege escalation steps.

2025-04-11 · 4 min · 750 words · CHW

HackTheBox: LinkVortex

Hack The Box LinkVortex writeup covering enumeration, attack surface analysis, exploitation, and escalation steps.

2025-04-11 · 7 min · 1378 words · CHW

HackTheBox: UnderPass

Hack The Box UnderPass writeup covering enumeration, foothold, exploitation path, and privilege escalation.

2025-04-11 · 7 min · 1371 words · CHW

[OSCP, PEN-200] Instructional notes - Part 8

OSCP PEN-200 筆記 Part 8,涵蓋 cloud infrastructure attacks、Gitea、Jenkins 與模擬滲透測試流程。

2025-03-20 · 34 min · 7191 words · CHW

[OSCP, PEN-200] Instructional notes - Part 7

OSCP PEN-200 筆記 Part 7,涵蓋 lateral movement、PtH/PtT/PtK、AD persistence 與 AWS recon。

2025-03-19 · 36 min · 7500 words · CHW

[OSCP, PEN-200] Instructional notes - Part 6

OSCP PEN-200 筆記 Part 6,涵蓋 AD enumeration、PowerView、object permissions 與 NTLM、Kerberos 攻擊。

2025-03-18 · 39 min · 8302 words · CHW

[OSCP, PEN-200] Instructional notes - Part 5

OSCP PEN-200 筆記 Part 5,涵蓋 SSH tunneling、DNS/HTTP tunneling 與 Metasploit Framework 重點。

2025-03-17 · 44 min · 9339 words · CHW

[OSCP, PEN-200] Instructional notes - Part 4

OSCP PEN-200 筆記 Part 4,聚焦 Linux privilege escalation、port redirection 與 tunneling 技術。

2025-03-16 · 47 min · 9924 words · CHW

Apache SSL 憑證更換

Apache SSL 憑證更換教學,說明舊憑證替換、新憑證安裝、設定更新與服務重啟的實作流程。

2025-03-13 · 7 min · 1392 words · CHW

Apache SSL 憑證申請安裝

Apache SSL 憑證申請與安裝筆記,涵蓋私鑰建立、CSR 產生、憑證部署與基本設定流程。

2025-03-12 · 6 min · 1109 words · CHW

[OSCP, PEN-200] Instructional notes - Part 3

OSCP PEN-200 筆記 Part 3,聚焦 Windows privilege escalation、credential attacks 與相關實作重點。

2025-02-17 · 36 min · 7557 words · CHW

CYBERSEC 2024 臺灣資安大會 「AD 已經防不完了,怎麼還有個 Azure AD?」(Steven Meow)

CYBERSEC 2024 議程筆記,分析 Active Directory 與 Azure AD(Entra ID)的差異、攻擊面與紅隊觀點。

2025-02-10 · 6 min · 1223 words · CHW

Elastic stack(ELK) 安裝 on docker [一鍵安裝]

Elastic Stack(ELK)Docker 一鍵安裝筆記,說明 Elasticsearch、Logstash、Kibana 的快速部署流程。

2025-01-30 · 3 min · 497 words · CHW

Elastic stack(ELK) 安裝與教學

Elastic Stack(ELK)安裝與教學筆記,介紹元件用途、部署步驟與基本操作觀念。

2025-01-29 · 3 min · 503 words · CHW

[OSCP, PEN-200] Instructional notes - Part 2

OSCP PEN-200 筆記 Part 2,說明 exploit 開發、antivirus evasion、password attacks 與 NTLM 攻擊重點。

2025-01-02 · 44 min · 9241 words · CHW

Calibre CVE: CVE-2024-6782

Calibre CVE-2024-6782 漏洞筆記,說明受影響版本、風險重點、漏洞背景與相關參考資訊。

2024-12-10 · 10 min · 2031 words · CHW

[OSCP, PEN-200] Instructional notes - Part 1

OSCP PEN-200 筆記 Part 1,涵蓋 recon、enumeration、vulnerability scanning、web attacks 與 client-side exploits。

2024-11-03 · 43 min · 9046 words · CHW

AIS3 Pre-exam CTF 2024 writeup

AIS3 Pre-exam CTF 2024 writeup covering misc, web, crypto, reverse, and final-stage challenge solutions with concise attack notes.

2024-07-25 · 10 min · 2077 words · CHW

picoCTF: caas Writeup & Patch

picoCTF caas writeup and patch notes covering the vulnerability, exploitation steps, and remediation approach.

2024-06-25 · 2 min · 266 words · CHW

Cyber Apocalypse 2024: Hacker Royale

Cyber Apocalypse 2024: Hacker Royale writeup,記錄比賽過程中的關鍵題目與解題重點。

2024-06-18 · 7 min · 1329 words · CHW

GDB & Binary Exploitation

GDB 與 Binary Exploitation 筆記,介紹除錯基礎、常見指令與二進位漏洞分析入門觀念。

2024-05-20 · 3 min · 501 words · CHW

HackTheBox: RenderQuest

Hack The Box RenderQuest challenge writeup covering enumeration, web exploitation, and key attack steps.

2024-04-29 · 2 min · 249 words · CHW

HackTheBox: Neonify

Hack The Box Neonify challenge writeup covering reconnaissance, vulnerability analysis, and exploitation workflow.

2024-04-24 · 2 min · 247 words · CHW

HackTheBox: jscalc

Hack The Box jscalc challenge writeup covering code review, vulnerability discovery, and exploitation steps.

2024-04-19 · 2 min · 312 words · CHW

HackTheBox: LoveTok

Hack The Box LoveTok challenge writeup covering initial enumeration, vulnerability discovery, and exploitation steps.

2024-04-11 · 1 min · 128 words · CHW

HackTheBox: Pilgrimage

Hack The Box Pilgrimage writeup covering enumeration, foothold, file analysis, and privilege escalation notes.

2024-04-11 · 4 min · 780 words · CHW

Conflict CTF writeup

Conflict CTF writeup,記錄比賽題目的解題流程、關鍵觀察與利用思路。

2024-04-10 · 2 min · 317 words · CHW

Git 介紹 & 常用操作

Git 介紹與常用操作指南,涵蓋版本控制基礎、常見指令與日常協作流程。

2024-04-10 · 5 min · 969 words · CHW

picoCTF 2024 writeup

picoCTF 2024 writeup covering general skills, web exploitation, cryptography, forensics, and binary exploitation challenges.

2024-03-27 · 12 min · 2433 words · CHW

LNMP (Linux + Nginx + MySQL + PHP) 架設伺服器

LNMP 伺服器架設筆記,說明 Linux、Nginx、MySQL 與 PHP 的安裝與基礎設定流程。

2024-01-26 · 2 min · 315 words · CHW

HackTheBox: Topology

Hack The Box Topology writeup covering enumeration, exploitation, user access, and root privilege escalation.

2023-11-22 · 2 min · 399 words · CHW

HackTheBox: Sau

Hack The Box Sau writeup covering service enumeration, exploitation path, foothold, and privilege escalation.

2023-10-19 · 2 min · 351 words · CHW