Contact

Company

Service

Product

Media Center

Contact

Company

Service

Product

Media Center

Contact

Company

Service

Product

Media Center

Go to Top

Identify vulnerabilities that could lead to data leaks from the attacker’s perspective,
and strengthen your security posture in advance.

Identify vulnerabilities that could lead to data leaks from the attacker’s perspective, and strengthen your security posture in advance.

Identify vulnerabilities that could lead to data leaks from the attacker’s perspective,and strengthen your security posture in advance.

The choice of security-first
enterprises: Enki WhiteHat.

With extensive project experience across industries,
we provide customized security solutions tailored to your business environment and needs.

With extensive project experience across industries, we provide customized security solutions tailored to your business environment and needs.

Large Enterprises

Financial Institutions

IT & Security Companies

Military / Public Sector Organizations

Large Enterprises

Financial Institutions

IT & Security Companies

Military / Public Sector Organizations

Large Enterprises

Financial Institutions

IT & Security Companies

Military / Public Sector Organizations

Unidentified hacks and relentless breaches

uncertainty keeps building up, while the burden of responsibility falls entirely on security teams.

With data breaches continuing to occur, is your company truly safe?

Uncontrolled IT Assets

Sophisticated Attacks

Frequent Feature Updates

Increasing Vendor Connections

Cloud & Remote Work

AI Service Adoption

Shortage of Security Personnel

Stricter Regulatory Requirements

Stay one step ahead of attackers.

Enterprise security must be meticulous.
Attackers exploit even the smallest 1% of blind sots— It’s time to think like them,
and adopt proactive, preventive security measures.

We uncover critical vulnerabilities that threaten your enterprise.

Ethical white-hat hackers simulate attacks from the attacker’s perspective to
identify issues that could lead to financial loss, data breaches, or service disruptions.

Ethical white-hat hackers simulate attacks from the attacker’s perspective toidentify issues that could lead to financial loss, data breaches, or service disruptions.

Server Takeover &
Privilege Escalation

Validate potential for root-level server access remotely

Identify server takeover scenarios via unused ports and vulnerable services

Detect internal server access paths through service vulnerability analysis

Malicious Activity

Simulate duplication of e-currency/points and fraudulent payments

Prove feasibility of creating and distributing malicious apps

Validate privilege escalation through vulnerabilities (XSS, data exposure, etc.)

Verify potential bypass routes via external staff/employee devices

Data Exfiltration

Confirm risk of sensitive data leaks (customer PII, internal documents, etc.)

Demonstrate external data exfiltration via arbitrary command execution

Validate customer data access after admin privilege hijacking

Assess data extraction risks from bypassing existing security solutions

Reproduce external data transmission via SSH tunneling scenarios

Enki Products

OFFen

No more waiting,
Vulnerability assessments

ASM

Visualize every hidden threat in your asset network—no blind spots.

Checklist/Offensive PT

Optimized for ISMS-P certification
Assess only what you need—specific websites, apps, or systems

Red Team

End-to-End security assessments by professional white-hat hackers through real-world attack scenarios

엔키 제품

CAMP

A security capability growth platform that enhances your team’s practical skills and strengthens internal response—even in critical moments.

Training

Build solid security capabilities from the ground up through practice-driven learning in digital forensics, incident response, malware analysis, web hacking, and security device operations.

Wargame

Strengthen core skills by solving domain-specific challenges, share high-quality write-ups, and boost motivation with a ranking system.

CTF (Capture the Flag)

Easily set up in-house CTF environments using diverse content—even for non-specialists—and assess team-wide security capabilities.

Attack-Defense Exercises

Strengthen organizational collaboration with real-time attack and defense drills in a virtual infrastructure that mirrors the enterprise environment, using real-world cases (TTPs, vulnerabilities, scenarios).

Enki Service

Offensive Security Assessments

Experienced white-hat hackers with advanced technical expertise conduct comprehensive assessments across your IT infrastructure. They identify and validate threats that could lead to financial loss, data breaches, or service disruptions, and provide actionable defense strategies.

Red Teaming

Compliance Audits

Penetration Testing

Remediation Checks

Cyber Threat Intelligence

Backed by the analysis of over 20,000 malware samples from North Korea, China, Russia, and beyond, our experts deliver refined threat intelligence and tailored response strategies. During incidents, we trace attacker behaviors, infiltration paths, and impact scope to eliminate root causes and strengthen defenses.

Malware Analysis

Digital Forensics

Security Training & Exercises

As Korea’s #1 cyber defense competition operator, we provide high-quality, real-world challenges that simulate actual incidents. With extensive penetration testing and global competition experience, we deliver the latest cybersecurity training and customized practice environments designed to equip professionals with immediately applicable skills.

Hands-on Training

CTF Operations

Phishing Simulations

Offensive Security Assessments

Red Teaming

Compliance Audits

Penetration Testing

Remediation Checks

Cyber Threat Intelligence

Malware Analysis

Digital Forensics

Security Training & Exercises

Hands-on Training

CTF Operations

Phishing Simulations

Offensive Security Assessments

Red Teaming

Compliance Audits

Penetration Testing

Remediation Checks

Cyber Threat Intelligence

Malware Analysis

Digital Forensics

Security Training & Exercises

Hands-on Training

CTF Operations

Phishing Simulations

Check out the latest
threat insights and reports.

Threat Intelligence

Analysis of the Formbook payload applied with PureCrypter distributed from domestic IPs.

In May 2025, a number of RAR and EXE files associated with the domestic IP 158.247.250[.]251 were discovered. This IP was identified in past DNS records as being related to a phishing infrastructure associated with Naver, and there are query records related to Naver login URLs in VirusTotal.

caption - URL query records of 158.247.250[.]251

Among them, the relevant email files and the attached RAR and EXE files were reported from South Korea, and the email account that received the emails also belongs to a domain of an energy company in South Korea. Malware associated with this IP has been distributed under different file names in various countries besides South Korea. Analysis revealed that the distributed files were packed Formbook malware identified as being packed with PureCrypter.

EnkiWhiteHat

Aug 29, 2025

Threat Intelligence

Analysis of the Formbook payload applied with PureCrypter distributed from domestic IPs.

caption - URL query records of 158.247.250[.]251

EnkiWhiteHat

Aug 29, 2025

Threat Intelligence

Analysis of the Formbook payload applied with PureCrypter distributed from domestic IPs.

caption - URL query records of 158.247.250[.]251

EnkiWhiteHat

Aug 29, 2025

ClickFix, EtherHidng 기법을 사용하는 ClearFake캠페인 분석

Threat Intelligence

Analysis of the ClearFake Campaign Using ClickFix and EtherHiding Techniques

While analyzing JavaScript files collected using VirusTotal's hunting feature, we noticed that a specific smart contract address appeared in multiple files. Further analysis revealed that this smart contract address is associated with the EtherHiding technique used in the ClearFake campaign.

The ClearFake campaign is a sophisticated attack that utilizes both the EtherHiding and ClickFix techniques to conceal and distribute malware to a wide range of users. EtherHiding involves hiding malicious content within Ethereum smart contracts to evade detection. ClickFix is a technique designed to lure users into clicking, thereby triggering the execution of malicious code.

This report details an analysis of the ClearFake campaign, which leverages both the EtherHiding and ClickFix techniques to distribute malware to a large number of users.

EnkiWhiteHat

Jul 16, 2025

Threat Intelligence

Analysis of the ClearFake Campaign Using ClickFix and EtherHiding Techniques

This report details an analysis of the ClearFake campaign, which leverages both the EtherHiding and ClickFix techniques to distribute malware to a large number of users.

EnkiWhiteHat

Jul 16, 2025

Threat Intelligence

Analysis of the ClearFake Campaign Using ClickFix and EtherHiding Techniques

This report details an analysis of the ClearFake campaign, which leverages both the EtherHiding and ClickFix techniques to distribute malware to a large number of users.

EnkiWhiteHat

Jul 16, 2025

Threat Intelligence

Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure

During analysis of malicious powershell script posted on X, a Github account that had been leveraged for attacks since March 2025 was discovered.

The malware contained a valid Github Personal Access Token (PAT) hardcoded by the attacker. We confirmed that this token was used to download malware from a private repository and upload information collected from victim systems.

The files present in the repository were identified as malware, decoy files, and information from infected systems, demonstrating that the attacker abused Github as attack infrastructure.

This report details the process of identifying attack infrastructure, analyzes the attack flow, and discusses its connection to the DPRK-nexus threat actor Kimsuky.

EnkiWhiteHat

Jun 19, 2025

Threat Intelligence

Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure

During analysis of malicious powershell script posted on X, a Github account that had been leveraged for attacks since March 2025 was discovered.

The files present in the repository were identified as malware, decoy files, and information from infected systems, demonstrating that the attacker abused Github as attack infrastructure.

This report details the process of identifying attack infrastructure, analyzes the attack flow, and discusses its connection to the DPRK-nexus threat actor Kimsuky.

EnkiWhiteHat

Jun 19, 2025

Threat Intelligence

Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure

During analysis of malicious powershell script posted on X, a Github account that had been leveraged for attacks since March 2025 was discovered.

The files present in the repository were identified as malware, decoy files, and information from infected systems, demonstrating that the attacker abused Github as attack infrastructure.

This report details the process of identifying attack infrastructure, analyzes the attack flow, and discusses its connection to the DPRK-nexus threat actor Kimsuky.