Home

Posts

🔥 A Mind That Dissects Systems

WAF/IPS/IDS Detection Gap Analysis and Remediation Direction

WAF/IPS/IDS Detection Gap Analysis and Remediation Direction

A structural analysis of WAF, IPS, and IDS detection gaps, focused on parsing discrepancies, visibility failures, and practical remediation priorities.

The Gap Between CISO Strategy and Execution: The WAF Debate and Field Leadership Report

The Gap Between CISO Strategy and Execution: The WAF Debate and Field Leadership Report

A comprehensive report presenting a roadmap for practical security improvement and field leadership, centered around the debate on WAF and the gap between philosophy and execution.

Endpoint Evasion Techniques (2020–2025): The Evolution of Attacks Bypassing EDR

Endpoint Evasion Techniques (2020–2025): The Evolution of Attacks Bypassing EDR

This post analyzes the evolution of endpoint evasion techniques from 2020 to 2025. It covers BYOI, BYOVD, DLL hijacking, service tampering, and other sophisticated methods attackers use to bypass EDR and AV. Real-world ransomware cases and vendor impact are discussed, along with defensive insights.

SPOF in Cybersecurity: From History to Strategy, a Graph-Based Analysis

SPOF in Cybersecurity: From History to Strategy, a Graph-Based Analysis

Analyzing the threat of Single Points of Failure (SPOF) through historical examples and graph theory, this piece presents a strategic approach to identifying and mitigating structural weaknesses in cybersecurity infrastructures.

Detection Frameworks and Latest Methodologies for eBPF-Based Backdoors

Detection Frameworks and Latest Methodologies for eBPF-Based Backdoors

This article analyzes the rise of backdoors and rootkits exploiting eBPF, the detection challenges they pose, and comprehensively summarizes the latest countermeasures and research trends (2023–2025), including Tracee, LKRG, bpftool, and hypervisor-based auditing.

In-Depth Report on Telecommunication Security: SKT Breach and Global Case Studies

In-Depth Report on Telecommunication Security: SKT Breach and Global Case Studies

An in-depth analysis focusing on the 2025 SKT breach, the core security structures of telecom infrastructure, and historical global incidents (Gemalto, APT10, Circles). Also covers subscriber authentication (Ki, SUPI/SUCI) and security differences between 5G SA and NSA.

🔥 Trust and Culture Beyond Technology

Contracts vs Security Governance — Contracts Enforce. Governance Decides.

Contracts vs Security Governance — Contracts Enforce. Governance Decides.

Contracts enforce decisions. Governance makes the decisions worth enforcing—a structural reframing for contract-centric security leadership.

eIDAS 2.0 vs. Korea’s Digital Identity System: A Comparative Analysis

eIDAS 2.0 vs. Korea’s Digital Identity System: A Comparative Analysis

A governance, privacy, and operations comparison between the EU’s eIDAS 2.0 (EUDI Wallet) and Korea’s mobile ID plus private identity verification (CI/DI) ecosystem.

The Visibility Principle: How Internal Vulnerability Visibility Shapes Remediation Behavior

The Visibility Principle: How Internal Vulnerability Visibility Shapes Remediation Behavior

A practical, research-informed look at why transparent internal vulnerability visibility can increase remediation participation and improve patch outcomes—through accountability, perceived surveillance, and deterrence mechanisms.

Attack Surface Management in 2025: Why Continuous Visibility is Essential

Attack Surface Management in 2025: Why Continuous Visibility is Essential

Why continuous visibility and attack surface management (ASM) are essential in 2025, with key trends, survey insights, and practical takeaways.

Is Your Data in the Cat's Paws?

Is Your Data in the Cat's Paws?

The 2025 KakaoPay case exposed the limits of formal consent and self-regulation. Data democracy must be achieved through AI-based DPIA verification and civic oversight.

There’s No Such Thing as a Free Lunch, But Security Was Free

There’s No Such Thing as a Free Lunch, But Security Was Free

The global security community has depended on CVE for decades without ever paying a dime. As the system nears collapse, it’s time to ask who should bear the cost of public cybersecurity infrastructure.

Common Security Myths Developers Tell Themselves

Common Security Myths Developers Tell Themselves

This article breaks down common developer security myths—responsibility deflection, overconfidence in technology, and security underestimation—and offers realistic countermeasures.

Common Misconceptions of Security Assessors

Common Misconceptions of Security Assessors

As the cybersecurity landscape constantly evolves, vulnerability assessment has become a critical defense against potential security breaches. However, due to common misconceptions, the effectiveness of these evaluations often diminishes. In this article, we will explore the common misconceptions about security vulnerability assessments and suggest effective strategies to overcome these issues, ultimately supporting the improvement of organizational security levels.

🔥 Code That Fixes, Not Just Runs

Security Diagnostics Reports Die Upon Publication

Security Diagnostics Reports Die Upon Publication

We point out the limitations of traditional security diagnostic reports and share the necessity and practical application cases of 'Security Testing as Code', managing diagnostic results not as 'documents' but as 'executable code (PoC)'.

How I Managed Unmaintained Open Source with Gmail and Snyk Alerts

How I Managed Unmaintained Open Source with Gmail and Snyk Alerts

When API access falls short, automation through Gmail and Apps Script becomes essential. Here’s how I used Google Apps Script to collect Snyk vulnerability alerts and patch data automatically.

How to Block ECH and Mitigate DoH in Enterprise Networks

How to Block ECH and Mitigate DoH in Enterprise Networks

A hands-on guide using dnsmasq to filter SVCB and HTTPS records for disabling ECH and enforcing central DNS policies. Notes that DoH requires separate network-layer policies.

Security Diagnostics Reports Die Upon Publication

Related Video PDF Open (new tab): /pdf/Security_Testing_as_Code_en.pdf If you can’t view the PDF, open it here: /pdf/Security_Testing_as_Code_en.pdf ...

March 17, 2026 · 6 min · 1158 words

WAF/IPS/IDS Detection Gap Analysis and Remediation Direction

A structural analysis of WAF, IPS, and IDS detection gaps, focused on parsing discrepancies, visibility failures, and practical remediation priorities.

March 13, 2026 · 43 min · 9085 words

Contracts vs Security Governance — Contracts Enforce. Governance Decides.

Contracts enforce decisions. Governance makes the decisions worth enforcing—a structural reframing for contract-centric security leadership.

February 13, 2026 · 4 min · 784 words

eIDAS 2.0 vs. Korea’s Digital Identity System: A Comparative Analysis

A governance, privacy, and operations comparison between the EU’s eIDAS 2.0 (EUDI Wallet) and Korea’s mobile ID plus private identity verification (CI/DI) ecosystem.

January 19, 2026 · 8 min · 1657 words

Amadey Malware: A Comparative Study of Static Detection vs Memory-Based Detection

Using Amadey as a case study, this post compares static signature detection and memory-based detection through structure, evasion difficulty, and YARA usage.

January 7, 2026 · 11 min · 2310 words

The Visibility Principle: How Internal Vulnerability Visibility Shapes Remediation Behavior

A practical, research-informed look at why transparent internal vulnerability visibility can increase remediation participation and improve patch outcomes—through accountability, perceived surveillance, and deterrence mechanisms.

December 29, 2025 · 6 min · 1080 words

Attack Surface Management in 2025: Why Continuous Visibility is Essential

Why continuous visibility and attack surface management (ASM) are essential in 2025, with key trends, survey insights, and practical takeaways.

December 22, 2025 · 11 min · 2330 words

The Gap Between CISO Strategy and Execution: The WAF Debate and Field Leadership Report

Preface: The Crack Between Philosophy and Execution First half of 202x. When the group’s penetration test report stated, “SQL Injection possible in WAF-unprotected section,” the CISO was silent for a while. The report was blunt, the attack was classic, and there was no defense. “Was I wrong? Or did they misunderstand my intention…?” The CISO was a leader of strong conviction. He believed that with a strategy of “IPS + security by design,” it was possible to build a system robust enough to forgo WAF deployment. In fact, for years, this strategy contributed to the organization’s threat detection and incident prevention. ...

June 30, 2025 · 13 min · 2756 words

The Limitations of 'Secure' SSRF Patches: Advanced Bypasses and Defense-in-Depth

No Silver Bullet: Folklore & Modern Meaning The phrase “no silver bullet” originated in European folklore, where silver bullets were believed to be uniquely effective against supernatural creatures like werewolves or vampires. The earliest documented use appears in Walter Scott’s 1816 Tales of My Landlord, and historical cases such as the 1765 Beast of Gévaudan reference silver bullets as a last resort against mysterious threats. Over time, the expression evolved: today, “no silver bullet” means there is no single, simple solution to complex problems—a message popularized in software engineering by Fred Brooks’ 1986 essay. This post applies that lesson to SSRF defense: beware of one-size-fits-all fixes, and look deeper than folklore or quick patches. ...

June 25, 2025 · 20 min · 4260 words

Exception Serialization Patterns in OpenStack Nova: Theoretical RCE Risks and Lessons Learned

Analysis of potential Remote Code Execution vulnerability in OpenStack Nova’s exception serialization mechanism, including multiple PoC scenarios and defense recommendations.

June 10, 2025 · 8 min · 1615 words