Welcome to CHW World

A party engineer named CHW (ID: chw41) specializing in Web Security, Penetration Testing, and Red Teaming.

Currently an active member of the CTF teams 竹狐 (TakeKitsune) and i'm downQQ , and a second-cohort Master’s graduate of is1ab (Information Security Laboratory).

Holds OSWA, OSCP+ certifications.

GitHub Contribution Snake

Work Experience

ABP Securite
Solution Engineer
Dec. 2025 – Current
Cymetrics
Security Research Engineer Intern
Sep. 2024 – Jan. 2025
TSMC
Information Technology Security Engineer Intern
Jul. 2024 – Aug. 2024
Yougood tech.
Full-stack Developer (Project)
Sep. 2023 – Mar. 2024
Dynasafe
Cyber Security Engineer
Aug. 2024 – Aug. 2023
Artjoin Gallery
Full-stack Developer (Project)
Feb. 2022 – Jul. 2022

[OSWA, WEB-200] Instructional notes - Part 2

[OSWA, WEB-200] Instructional notes - Part 2 (Server-side template injection, Command Injection, Server-Side Request Forgery, Insecure Direct Object Reference, ..etc)

2026-02-05 · 24 min · 5072 words · CHW

[OSWA, WEB-200] Instructional notes - Part 1

[OSWA, WEB-200] Instructional notes - Part 1 (Web Application Recon, Burp Suite, XSS, CSRF, SQLi, XML ..etc)

2026-01-29 · 25 min · 5325 words · CHW

美國國防部 DOD 5220.22-M 標準 銷毀儲存媒體資料

依據 DOD 5220.22-M 與 NIST 800-88 標準,抹除/銷毀 儲存硬碟方法

2026-01-19 · 3 min · 455 words · CHW

[OSCP, PEN-200] Cheat Sheet

[OSCP, PEN-200] Cheat Sheet - Recon, IP, Nmap, Rustscan, Path, Dirb, Dirsearch, Gobuster, ffuf, Subdomain, windows path traversal ...

2025-12-22 · 14 min · 2890 words · CHW

CYBERSEC 2025 臺灣資安大會 「Operations Security (OPSEC) — 紅隊不被抓到的秘密!」 (Steven Meow)

深入探討如何提升紅隊操作中的隱匿性,確保其行動的隱蔽性及有效性。從網路層面的 DoH、ECH 到 Domain Fronting 等網絡匿名化技術;再到 Payload 管理和 C2 Server 的選擇與配置,涵蓋了使用 Cobalt Strike 以及 Meterpreter 等商業及開源工具...

2025-11-19 · 10 min · 2058 words · CHW
Read more →