Who I Am

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker
HAHWUL
Hey there! I’m HyunHwan Lee, but you might know me better as HAHWUL. I’m an offensive security engineer and hacker who also loves coding—mostly with Ruby, Crystal, and Go.

'hahwul' is a new word made by remixing my name, and that's me. Feel free to call me HAH-hul or HOWL—whichever you prefer!

Catch me on 𝕏, on Github, and on Instagram.

Offensive security engineer

Online, I’m known as a bug bounty hunter and open-source developer, Offline, I’m a specialist in Offensive Security Engineering (Red Team) and Application Security (AppSec) roles.

Macbook Air Defcon32

I specialize in Red Team ops, breaking into systems, analyzing vulnerabilities, and securing architectures. I also get to build and develop security-related systems like DAST1 and ASM2, which ties me deeply into DevSecOps.

Developer and Software engineer

As mentioned before, I am a security engineer and a developer. I studied Computer Science and Software Engineering in university, and since I currently work as a security engineer designing and developing various systems, services, and applications, I also see myself as a software engineer.

I’m passionate about CICD and enjoy mastering tools like Jenkins, Docker, Kamal, and Kubernetes—both as a developer and a security enthusiast.

I love creating and breaking things—which is why I’m both a security engineer and a developer.

Programming

I started my programming journey with C and C++, and over the years, I have explored various languages. Currently, I primarily use Ruby, Crystal, and Golang. I’ve also dabbled in Python, Java, and others.

I love these three languages for many reasons, but I have a special love for Ruby because of its philosophy.

I hope to see Ruby help every programmer in the world to be productive, and to enjoy programming, and to be happy. Matz

This focus on a programmer’s happiness hits home for me.

Open-Source Projects

I’m passionate about open-source and my primary focus is on developing tools for Offensive Security. Additionally, I find joy in contributing to community-driven open-source projects.

I’ve developed tools like Dalfox and OWASP Noir, and I take great satisfaction in contributing to ZAP and other bug bounty tools.

If you’re curious about my work, Dive into my work on Github or my Projects page!

Dalfox OWASP Noir WebHackerWeapons

Blogging

I’ve been known as “hahwul” since 2016, but my journey into blogging about security and development started back in 2010, during my student days. Since then, my blog has been a significant record of my journey.

Looking back at old posts? Pure nostalgia—and a bit of embarrassment. After a decade, I’m both attached to them and ready to move on.

In September 2024, I overhauled my site—not just for looks, but to refine my journey. While there’s a sense of loss, I believe that, as ‘The end is where we start from,’ clearing out is necessary to make room for what’s next.

I designed my logo around my name’s meaning—’bright flame’—hence the fiery touch! 🔥

  1. DAST (Dynamic Application Security Testing) 

  2. ASM (Attack Surface Management)