Don’t Treat AI Agents as Chatbots: Understanding AI Agent Security and Defense

When AI Starts to Act, Security Issues Arise I recently attended a lecture on AI security, presented by Dawn Song from Berkeley. I found it quite enlightening; I used to think of AI as just a chatting tool, but now I realize that once AI is tasked with real actions, the security issues become significantly … Read more

API Privilege Escalation Detection Tool Written in Python

API Privilege Escalation Detection Tool #!/usr/bin/env python3 """API Privilege Escalation Detection Tool 功能:检测Web接口的水平越权和垂直越权漏洞 作者:pp 版本:1.0""" import json import requests import time import hashlib import hmac import base64 from typing import Dict, List, Any, Optional from urllib.parse import urlparse, parse_qs import argparse import sys class APIPrivilegeEscalationScanner: """ API Privilege Escalation Detector """ def __init__(self, config: Dict[str, … Read more

Overview of Bluetooth Protocol Stack Architecture

Overview of Bluetooth Protocol Stack Architecture

Author | Fu Dongjie Shanghai Kongan Trusted Software Innovation Research InstituteSource | Jianyuan LaboratoryCommunity | Add WeChat ID “TICPShanghai” to join the “Shanghai Kongan 51fusa Security Community” 01 Introduction The Bluetooth protocol has evolved through multiple versions since its inception in 1999, continuously improving its functionality, and has become one of the most important short-range … Read more

Guide to IC-ID Certification for Bluetooth Products in Canada

Guide to IC-ID Certification for Bluetooth Products in Canada

The Department of Innovation, Science and Economic Development Canada (ISED, formerly IC) is responsible for managing the certification of radio equipment. Bluetooth products, as digital transmission devices, must obtain IC-ID certification to be legally sold in the Canadian market. 1. Core Standards Basis Bluetooth IC-ID products must comply with two categories of standards: Bluetooth Wireless … Read more

Hotspot Observation | Focusing on Power Grid Attack Incidents: Analyzing Vulnerabilities and Security Testing in Industrial Control Systems

Hotspot Observation | Focusing on Power Grid Attack Incidents: Analyzing Vulnerabilities and Security Testing in Industrial Control Systems

As cyber attack methods continue to evolve, industrial control systems, represented by power systems, are gradually shifting from being a “secondary impact area” to a core target in the cyber attack chain. Especially in the context of the ongoing advancement of the industrial internet and the continuous integration of “cloud-edge-end” collaborative systems into key business … Read more

Unauthorized Access and Detection Tools for MQTT

Unauthorized Access and Detection Tools for MQTT

What is MQTT?MQTT is a lightweight communication protocol for the Internet of Things (IoT), based on a publish-subscribe model, widely used for real-time communication between devices. The MQTT Broker is the central hub for messages, responsible for receiving, storing, and distributing messages. Risks of Unauthorized Access to MQTT: Data Leakage: Attackers may subscribe to sensitive … Read more

Summary of Vulnerabilities in HTTP/HTTPS Protocols: How to Check and Prevent Them

Summary of Vulnerabilities in HTTP/HTTPS Protocols: How to Check and Prevent Them

The following is a classification and organization of vulnerabilities in the HTTP/HTTPS protocols based on the perspectives of black box testing、white box testing and gray box testing: 1. Black Box Testing (External Perspective, No Internal Access) Definition: Simulates the attacker’s perspective, testing only through external network interfaces without relying on internal system code or configuration … Read more

HTTP Proxy Injector: A Powerful HTTP Proxy Injection Tool

HTTP Proxy Injector: A Powerful HTTP Proxy Injection Tool

HTTP Proxy Injector: A Powerful HTTP Proxy Injection Tool HTTP Proxy Injector is a powerful tool for HTTP request proxying and injection, helping developers, testers, and security researchers intercept, modify, and redirect HTTP/HTTPS requests. It is widely used in development debugging, security testing, and network analysis. This article will comprehensively introduce the core features, working … Read more

Practical Use of Burpy Plugin – Cracking the Encryption Algorithm of a WeChat Mini Program

Practical Use of Burpy Plugin - Cracking the Encryption Algorithm of a WeChat Mini Program

Author: 0pening 1. Introduction Testing a certain WeChat mini program, without further ado, let’s start using BurpSuite to capture packets. However, upon capturing the packets, I noticed something was off 🤨. This application encrypts the parameters into bizContent and uses a signature parameter sign to prevent man-in-the-middle attacks on the data packets… not very honorable. … Read more

Smod – Modbus/SCADA Industrial Control Security Testing Tool

Smod - Modbus/SCADA Industrial Control Security Testing Tool

Project Address https://github.com/enddo/smod Project Introduction Based on SCADA (Supervisory Control and Data Acquisition) systems, proprietary closed network protocols have developed towards open-source solutions and TCP/IP network protocols in recent years. This makes them vulnerable to the same security flaws as traditional computer networks. The Modbus/TCP protocol is one such solution that provides free public utility … Read more