Proximal Phishing: Creating Custom Fishing WiFi at Ultra-Low Cost

Disclaimer: This article is for technical discussion and sharing only, and is strictly prohibited for illegal purposes. As enterprise security devices become more prevalent and border security measures improve, phishing attacks have gradually become a primary method in red-blue team exercises. With the updates to email server WAFs and the increasing security awareness among enterprise personnel, … Read more

Top 20 Kali Linux Tools in 2021

The 20 Kali Linux penetration tools discussed in this article are selected based on the most commonly used and most favored criteria. Therefore, some excellent tools may not be included. If you have better suggestions, please leave a comment for us to make corrections! Kali-Linux-tools Information Gathering Tools 01 traceroute traceroute is a tool used … Read more

Ensuring the Security of Industrial Control Systems: How NetEye Helps Energy Companies Strengthen Cybersecurity

An energy company operates multiple oil and gas transportation pipelines and remote monitoring systems. With the deep integration of industrial control systems and IT networks, the exposure of these systems has significantly increased. To prevent threats from cyberattacks on critical infrastructure, the company introduced NetEye for penetration testing. Technicians used NetEye’s “Proxy Interception” feature to … Read more

The Top Red Team in the US is Actually an AI Robot

Part01 Chatbot “Xbow” Ranks First on HackerOne The performance of artificial intelligence (AI) has surpassed that of human red team members. On the HackerOne platform, an AI chatbot named “Xbow” currently ranks first in the reputation leaderboard of the US security industry. The platform connects businesses with ethical hackers through a bug bounty program, and … Read more

The Pitfalls of Login Functionality: How an HTTP Redirection Attack Almost Cost My Company (with Solutions)

Last week, I made a blunder at the company—my own login module almost became an accomplice to a phishing site. Today, I want to share this thrilling process and how to avoid the “invisible bomb” of HTTP redirection attacks. The Morning That Drove the Tester Crazy It … Read more

Linux Lesson 5: Web Security Vulnerabilities

1.1 Web Security Vulnerabilities Before discussing web vulnerabilities, let me briefly talk about web security knowledge. Let’s briefly understand the knowledge related to computer networks and protocols. Composition of Computer Communication Networks A computer network consists of a communication subnet and a resource subnet. The communication subnet is responsible for the error-free and orderly transmission … Read more

Python Hacking Tool: CyberKit – A Powerful Cybersecurity Suite

In the battlefield of cybersecurity, Python is like a multifunctional Swiss Army knife. Today, I want to unveil an impressive cybersecurity toolkit – CyberKit. This is not just an ordinary toolkit, but a powerful tool that catches the attention of security researchers and penetration testing experts. Imagine being able to easily perform port scanning, network … Read more

When SQL Injection Encounters Strange Encoding Issues

Introduction Recently, during a penetration test for a client, I discovered a peculiar SQL injection. It was peculiar because the database connection encoding of the system was inconsistent with the actual database encoding, and the database table field names used Chinese characters, making it impossible to retrieve database data through normal means. The Story Begins … Read more

A Discussion on Security Risks and Penetration Testing Methods in Corporate Virtualization Environments

Introduction Since the advent of server virtualization technologies like VMware, the efficiency, operational flexibility, and economic benefits of building enterprise data centers have greatly improved. Looking back a decade ago, when we wanted to deploy a new system, we first needed to apply for the purchase of a server. After it arrived, we had to … Read more

Exploring Business Security Automation Penetration Testing Frameworks

Author / Senior Information Technology Expert at China Postal Savings Bank Software Development Center, Pan Hua China Postal Savings Bank Software Development Center, Wang Qifeng, Li Beichuan, Zhang Guozheng In recent years, with the rapid development of technologies such as artificial intelligence, big data, and cloud computing, emerging technologies have been increasingly integrated with traditional … Read more