Follow our public account for Java insightsTimely delivery Last week, I made a blunder at the company—my own login module almost became an accomplice to a phishing site. Today, I want to share this thrilling process and how to avoid the “invisible bomb” of HTTP redirection attacks. The Morning That Drove the Tester Crazy It … Read more
1.1 Web Security Vulnerabilities Before discussing web vulnerabilities, let me briefly talk about web security knowledge. Let’s briefly understand the knowledge related to computer networks and protocols. Composition of Computer Communication Networks A computer network consists of a communication subnet and a resource subnet. The communication subnet is responsible for the error-free and orderly transmission … Read more
In the battlefield of cybersecurity, Python is like a multifunctional Swiss Army knife. Today, I want to unveil an impressive cybersecurity toolkit – CyberKit. This is not just an ordinary toolkit, but a powerful tool that catches the attention of security researchers and penetration testing experts. Imagine being able to easily perform port scanning, network … Read more
Introduction Recently, during a penetration test for a client, I discovered a peculiar SQL injection. It was peculiar because the database connection encoding of the system was inconsistent with the actual database encoding, and the database table field names used Chinese characters, making it impossible to retrieve database data through normal means. The Story Begins … Read more
Introduction Since the advent of server virtualization technologies like VMware, the efficiency, operational flexibility, and economic benefits of building enterprise data centers have greatly improved. Looking back a decade ago, when we wanted to deploy a new system, we first needed to apply for the purchase of a server. After it arrived, we had to … Read more
Author / Senior Information Technology Expert at China Postal Savings Bank Software Development Center, Pan Hua China Postal Savings Bank Software Development Center, Wang Qifeng, Li Beichuan, Zhang Guozheng In recent years, with the rapid development of technologies such as artificial intelligence, big data, and cloud computing, emerging technologies have been increasingly integrated with traditional … Read more
About Gallia Gallia is an extensible penetration testing framework focused on automotive security. This tool can perform penetration testing on an entire vehicle and even test individual vehicle ECUs. Currently, Gallia mainly targets the UDS interface and utilizes a modular design to implement logging and archiving functionalities separately. As a general interface, the logging function … Read more
About WEF WEF stands for WiFi Exploitation Framework, a powerful Wi-Fi security testing framework. WEF implements its functionality based on 802.11 networks and protocols and contains numerous security testing components targeting WPA/WPA2 and WEP, helping researchers conduct automated penetration testing for Wi-Fi and Bluetooth. The current version of WEF supports Kali Linux, Parrot OS, Arch … Read more
Click the blue text above to follow us 1 Disclaimer The tools, tutorials, learning paths, and quality articles provided by this public account are either original or collected from the internet, aimed at improving network security technology levels for technical research purposes. Please comply with relevant national laws and regulations, and do not use them … Read more
During penetration testing, the Linux command line is like a Swiss Army knife: compact yet powerful. Today, we will discuss ten particularly useful Linux commands that can make a hacker’s work more efficient and open the eyes of network security enthusiasts. Explore System Information: uname -a Want to know about your target machine? uname -a … Read more