When SQL Injection Encounters Strange Encoding Issues

Introduction: Recently, during a penetration test for a client, I discovered a peculiar SQL injection. It was peculiar because the database connection encoding of the system was inconsistent with the actual database encoding, and the database table field names used Chinese characters, making it impossible to retrieve database data through normal means. The Story Begins …

A Discussion on Security Risks and Penetration Testing Methods in Corporate Virtualization Environments

Introduction: Since the advent of server virtualization technologies like VMware, the efficiency, operational flexibility, and economic benefits of building enterprise data centers have greatly improved. Looking back a decade ago, when we wanted to deploy a new system, we first needed to apply for the purchase of a server. After it arrived, we had to …

Exploring Business Security Automation Penetration Testing Frameworks

Authors: Pan Hua, Senior Information Technology Expert at China Postal Savings Bank Software Development Center; Wang Qifeng, Li Beichuan, Zhang Guozheng, China Postal Savings Bank Software Development Center. In recent years, with the rapid development of technologies such as artificial intelligence, big data, and cloud computing, emerging technologies have been increasingly integrated with traditional …

Gallia: An Extensible Penetration Testing Framework for Automotive Security

About Gallia: Gallia is an extensible penetration testing framework focused on automotive security. This tool can perform penetration testing on an entire vehicle and even test individual vehicle ECUs. Currently, Gallia mainly targets the UDS interface and utilizes a modular design to implement logging and archiving functionalities separately. As a general interface, the logging function …

WEF: A Powerful Wi-Fi Security Testing Framework

About WEF: WEF stands for WiFi Exploitation Framework, a powerful Wi-Fi security testing framework. WEF implements its functionality based on 802.11 networks and protocols and contains numerous security testing components targeting WPA/WPA2 and WEP, helping researchers conduct automated penetration testing for Wi-Fi and Bluetooth. The current version of WEF supports Kali Linux, Parrot OS, Arch …

Essential Linux Commands for Information Gathering and Penetration Testing

Disclaimer: The tools, tutorials, learning paths, and quality articles provided by this public account are either original or collected from the internet, aimed at improving network security technology levels for technical research purposes. Please comply with relevant national laws and regulations, and do not use them …

Essential Linux Commands for Hackers: 10 Practical Tips

During penetration testing, the Linux command line is like a Swiss Army knife: compact yet powerful. Today, we will discuss ten particularly useful Linux commands that can make a hacker’s work more efficient and open the eyes of network security enthusiasts. Explore System Information: uname -a Want to know about your target machine? uname -a …

DIY Guide: Build Your Own Wireless Penetration Testing Box

The tools and techniques introduced in this article have a certain level of aggressiveness. Please use them responsibly and legally. Do you want to have your own mobile wireless penetration testing box? If you are interested, the devices introduced below will be very helpful. This box is called the “MiTM (Man-in-the-Middle) WiFi Box”. Using this …

BlueBunny: Command Control C2 Framework Based on BLE

About BlueBunny: BlueBunny is a powerful command control framework that enables data communication based on Low Energy Bluetooth, allowing researchers to send control commands directly to the Bash Bunny via Bluetooth. What is Bash Bunny? Bash Bunny is a multifunctional USB attack tool similar to USB Rubber Ducky (claimed to be the world’s most advanced …

General Penetration Testing Approaches for AES+SM4 Encryption

Article originally published on: Zgao’s blog. In a recent penetration testing project, the website’s traffic utilized the AES+SM4 dual-layer encryption algorithm for secure transmission. When encountering a website with encrypted transmission, it is usually impossible to perform vulnerability scanning. Manual testing is inefficient, hence the exploration of general …