Security Research

Representative Foreword

After the Code, the Structure Remains

The representative foreword of this blog: security now fails less at finding issues than at absorbing, sustaining, and acting on what has already been found.

This essay frames the entire site first. The posts on technical analysis, method, and governance all start from this same problem statement.

Read the Foreword About This Blog

Detection, Method, Governance

🔥 A Mind That Dissects Systems

Security Controls Aren't Lacking — They're Inconvenient: Why Security Needs Customer Context

Security controls already exist. The real problem is that we cannot decide which customer, at which moment, deserves how much friction. As the closing chapter of the CAPTCHA·ATO series, this post is about moving from quantity of controls to context of controls — adaptive security as an operational discipline.

Why Account Takeover Never Ends — Dismantling the ATO Supply Chain

How Korea's CaaS supply chain reproduces itself through the recycling loop of points, gift cards, and crypto — and why defending against it requires reading the entire behavioral network, not just the login page.

Structure Builders Will Outlast Vulnerability Finders

18 years of vulnerability hunting distilled into one insight: the shift from individual instinct to scalable structure — and what AI means for those left standing.

The CAPTCHA That Became a Free Automatic Door for Hackers — A Bypass PoC and Defense Strategy

A practical look at an audio CAPTCHA bypass PoC built with Playwright, Whisper, and Page-Agent, plus the login defenses that still matter after CAPTCHA falls.

WAF/IPS/IDS Detection Gap Analysis and Remediation Direction

Structural analysis of WAF, IPS, and IDS detection gaps from parsing discrepancies, with a practical remediation taxonomy.

The Gap Between CISO Strategy and Execution: The WAF Debate and Field Leadership Report

A comprehensive report presenting a roadmap for practical security improvement and field leadership, centered around the debate on WAF and the gap between philosophy and execution.

Endpoint Security Evasion (2020–2025): From EDR Bypass to EDR Kill

A technical analysis of how BYOI, BYOVD, DLL hijacking, and service abuse shifted endpoint attacks from EDR bypass to EDR kill between 2020 and 2025.

SPOF in Cybersecurity: From History to Strategy, a Graph-Based Analysis

Graph-based analysis of Single Points of Failure in cybersecurity, using weighted path enumeration to identify critical infrastructure nodes.

Detection Frameworks and Latest Methodologies for eBPF-Based Backdoors

How eBPF-based backdoors evade traditional detection, and modern frameworks like Tracee and LKRG that counter kernel-level threats.

In-Depth Report on Telecommunication Security: SKT Breach and Global Case Studies

In-depth analysis of the 2025 SKT breach, telecom authentication mechanisms, and 5G SA vs NSA security architecture differences.

🔥 Trust and Culture Beyond Technology

Why Security Knowledge Transfer Fails — and What to Design Instead

An organizational design report that reframes the security–DevOps problem from failed knowledge transfer to default design, interfaces, exception handling, and alignment.

Contracts vs Security Governance — Contracts Enforce. Governance Decides.

Why security governance must drive decisions before contracts enforce them—a structural reframing for security leadership.

eIDAS 2.0 vs. Korea’s Digital Identity System: A Comparative Analysis

Comparative analysis of EU eIDAS 2.0 wallet-based identity and Korea's mobile ID system across governance, privacy, and operations.

The Visibility Principle: How Internal Vulnerability Visibility Shapes Remediation Behavior

How transparent internal vulnerability visibility drives remediation through accountability and deterrence without formal punishment.

Attack Surface Management in 2025: Why Continuous Visibility is Essential

Why continuous attack surface management is critical in 2025, covering AI-driven discovery, shadow IT, and zero trust integration.

Is Your Data in the Cat's Paws?

Analysis of the 2025 KakaoPay breach exposing 40M users' data, and why formal consent fails without AI-based DPIA and civic oversight.

There’s No Such Thing as a Free Lunch, But Security Was Free

The CVE system nearly collapsed in 2025. Who should fund public cybersecurity infrastructure when free-riding is no longer sustainable?

Common Security Myths Developers Tell Themselves

Debunking developer security myths around responsibility deflection, tech overconfidence, and risk underestimation with real-world examples.

Common Misconceptions of Security Assessors

Three common misconceptions that weaken security assessments and strategies to build repeatable, effective vulnerability evaluation.

🔥 Code That Fixes, Not Just Runs

How I Turned 228 Endpoints into 5 Clusters

A practical account of applying dataflow-based clustering to a real codebase — reducing 228 endpoints to 5 reviewable clusters, and finding an RCE chain in the cross-section.

Security Diagnostics Reports Die Upon Publication

We point out the limitations of traditional security diagnostic reports and share the necessity and practical application cases of 'Security Testing as Code', managing diagnostic results not as 'documents' but as 'executable code (PoC)'.

How I Managed Unmaintained Open Source with Gmail and Snyk Alerts

Automating Snyk vulnerability alert management with Google Apps Script and Gmail when official API access falls short.

How to Block ECH and Mitigate DoH in Enterprise Networks

A hands-on guide using dnsmasq to filter SVCB and HTTPS records for disabling ECH and enforcing central DNS policies. Notes that DoH requires separate network-layer policies.

Security Controls Aren't Lacking — They're Inconvenient: Why Security Needs Customer Context

How I Turned 228 Endpoints into 5 Clusters

A practical account of applying dataflow-based clustering to a real codebase — reducing 228 endpoints to 5 reviewable clusters, and finding an RCE chain in the cross-section.

Why Account Takeover Never Ends — Dismantling the ATO Supply Chain

How Korea’s CaaS supply chain reproduces itself through the recycling loop of points, gift cards, and crypto — and why defending against it requires reading the entire behavioral network, not just the login page.

Structure Builders Will Outlast Vulnerability Finders

18 years of vulnerability hunting distilled into one insight: the shift from individual instinct to scalable structure — and what AI means for those left standing.

The CAPTCHA That Became a Free Automatic Door for Hackers — A Bypass PoC and Defense Strategy

A practical look at an audio CAPTCHA bypass PoC built with Playwright, Whisper, and Page-Agent, plus the login defenses that still matter after CAPTCHA falls.

Security Diagnostics Reports Die Upon Publication

We point out the limitations of traditional security diagnostic reports and share the necessity and practical application cases of ‘Security Testing as Code’, managing diagnostic results not as ‘documents’ but as ’executable code (PoC)’.

WAF/IPS/IDS Detection Gap Analysis and Remediation Direction

Structural analysis of WAF, IPS, and IDS detection gaps from parsing discrepancies, with a practical remediation taxonomy.

Attack Surface Management in 2025: Why Continuous Visibility is Essential

Why continuous attack surface management is critical in 2025, covering AI-driven discovery, shadow IT, and zero trust integration.

Exception Serialization Patterns in OpenStack Nova: Theoretical RCE Risks and Lessons Learned

Theoretical RCE risks in OpenStack Nova’s exception serialization via oslo.messaging, with PoC scenarios and defense patterns.

In-Depth Report on Telecommunication Security: SKT Breach and Global Case Studies

In-depth analysis of the 2025 SKT breach, telecom authentication mechanisms, and 5G SA vs NSA security architecture differences.