penetration testing

Exploring Business Security Automation Penetration Testing Frameworks

by
Exploring Business Security Automation Penetration Testing Frameworks

Author / Senior Information Technology Expert at China Postal Savings Bank Software Development Center, Pan Hua China Postal Savings Bank Software Development Center, Wang Qifeng, Li Beichuan, Zhang Guozheng In recent years, with the rapid development of technologies such as artificial intelligence, big data, and cloud computing, emerging technologies have been increasingly integrated with traditional … Read more

Gallia: An Extensible Penetration Testing Framework for Automotive Security

by
Gallia: An Extensible Penetration Testing Framework for Automotive Security

About Gallia Gallia is an extensible penetration testing framework focused on automotive security. This tool can perform penetration testing on an entire vehicle and even test individual vehicle ECUs. Currently, Gallia mainly targets the UDS interface and utilizes a modular design to implement logging and archiving functionalities separately. As a general interface, the logging function … Read more

WEF: A Powerful Wi-Fi Security Testing Framework

by
WEF: A Powerful Wi-Fi Security Testing Framework

About WEF WEF stands for WiFi Exploitation Framework, a powerful Wi-Fi security testing framework. WEF implements its functionality based on 802.11 networks and protocols and contains numerous security testing components targeting WPA/WPA2 and WEP, helping researchers conduct automated penetration testing for Wi-Fi and Bluetooth. The current version of WEF supports Kali Linux, Parrot OS, Arch … Read more

Essential Linux Commands for Information Gathering and Penetration Testing

by
Essential Linux Commands for Information Gathering and Penetration Testing

Click the blue text above to follow us 1 Disclaimer The tools, tutorials, learning paths, and quality articles provided by this public account are either original or collected from the internet, aimed at improving network security technology levels for technical research purposes. Please comply with relevant national laws and regulations, and do not use them … Read more

Essential Linux Commands for Hackers: 10 Practical Tips

by
Essential Linux Commands for Hackers: 10 Practical Tips

During penetration testing, the Linux command line is like a Swiss Army knife: compact yet powerful. Today, we will discuss ten particularly useful Linux commands that can make a hacker’s work more efficient and open the eyes of network security enthusiasts. Explore System Information: uname -a Want to know about your target machine? uname -a … Read more

DIY Guide: Build Your Own Wireless Penetration Testing Box

by
DIY Guide: Build Your Own Wireless Penetration Testing Box

The tools and techniques introduced in this article have a certain level of aggressiveness. Please use them responsibly and legally. Do you want to have your own mobile wireless penetration testing box? If you are interested, the devices introduced below will be very helpful. This box is called the “MiTM (Man-in-the-Middle) WiFi Box”. Using this … Read more

BlueBunny: Command Control C2 Framework Based on BLE

by
BlueBunny: Command Control C2 Framework Based on BLE

About BlueBunny BlueBunny is a powerful command control framework that enables data communication based on Low Energy Bluetooth, allowing researchers to send control commands directly to the Bash Bunny via Bluetooth. What is Bash Bunny Bash Bunny is a multifunctional USB attack tool similar to USB Rubber Ducky (claimed to be the world’s most advanced … Read more

General Penetration Testing Approaches for AES+SM4 Encryption

by
General Penetration Testing Approaches for AES+SM4 Encryption

General Penetration Testing Approaches for AES+SM4 Encryption Article originally published on: Zgao’s blog In a recent penetration testing project, the website’s traffic utilized the AES+SM4 dual-layer encryption algorithm for secure transmission. When encountering a website with encrypted transmission, it is usually impossible to perform vulnerability scanning. Manual testing is inefficient, hence the exploration of general … Read more

The Art of Chain Attacks in Internal Network Penetration

by
The Art of Chain Attacks in Internal Network Penetration

The Art of Chain Attacks in Internal Network Penetration This article is based on a simulated practical environment assessment conducted by Master Z for his apprentice 007, aimed at evaluating his thought process and capabilities in penetrating entry-level environments. The content is derived from 007’s retelling and records the entire chain attack path he took … Read more

ESP32 WiFi Penetration Testing Tool Tutorial

by
ESP32 WiFi Penetration Testing Tool Tutorial

DJI drones, Fluke multimeters, Xiaomi phones, Huawei watches, and more await you! 👆 The breadboard community DIY event is ongoing! (1) Introduction Recently, while learning about the ESP32, I came across a project on GitHub called the ESP32 Wi-Fi Penetration Tool. This tool reminded me of the WiFi killer I used to play with on … Read more