Welcome to CHW World
█
A party engineer named CHW (ID: chw41) specializing in
Web Security, Penetration Testing, and
Red Teaming.
Currently an active member of the CTF teams 竹狐 (TakeKitsune) and i'm downQQ , and a second-cohort Master’s graduate of is1ab (Information Security Laboratory).
Holds OSWA, OSCP+ certifications.
Work Experience
[OSWA, WEB-200] Instructional notes - Part 2
[OSWA, WEB-200] Instructional notes - Part 2 (Server-side template injection, Command Injection, Server-Side Request Forgery, Insecure Direct Object Reference, ..etc)
[OSWA, WEB-200] Instructional notes - Part 1
[OSWA, WEB-200] Instructional notes - Part 1 (Web Application Recon, Burp Suite, XSS, CSRF, SQLi, XML ..etc)
美國國防部 DOD 5220.22-M 標準 銷毀儲存媒體資料
依據 DOD 5220.22-M 與 NIST 800-88 標準,抹除/銷毀 儲存硬碟方法
[OSCP, PEN-200] Cheat Sheet
[OSCP, PEN-200] Cheat Sheet - Recon, IP, Nmap, Rustscan, Path, Dirb, Dirsearch, Gobuster, ffuf, Subdomain, windows path traversal ...
CYBERSEC 2025 臺灣資安大會 「Operations Security (OPSEC) — 紅隊不被抓到的秘密!」 (Steven Meow)
深入探討如何提升紅隊操作中的隱匿性,確保其行動的隱蔽性及有效性。從網路層面的 DoH、ECH 到 Domain Fronting 等網絡匿名化技術;再到 Payload 管理和 C2 Server 的選擇與配置,涵蓋了使用 Cobalt Strike 以及 Meterpreter 等商業及開源工具...