排序
记一次flutter框架的App渗透日记
This article details the process of testing a Flutter framework app for vulnerabilities. The author encountered challenges in capturing packets and eventually d
11个月前红队技术 | 隐藏上传的程序木马
了解如何使用任务计划程序隐藏恶意软件并伪装成正常文件。本文探讨了 SigThief 与 BeCyIconGrabber 的技术细节,以及如何通过图标替换和签名伪造来规避检测。
2年前针对一个有意思的钓鱼免杀样本的详细分析
This article provides a detailed analysis of an interesting fishing sample that evades sandbox detection. It explores the techniques used in the sample and its
2年前一次失败的SQL注入经历
分享一次针对某Cloud WAF的SQL注入Bypass经历,详细记录了如何证明漏洞的存在并尝试绕过WAF的过程。
3年前实战几个比较有意思的SQL注入
分享最近遇到的几个有意思的SQL注入案例,探讨注入方法和闭合技巧。
6个月前通过监控js获得18000奖金
Learn how to identify high-reward vulnerabilities through JavaScript monitoring. This article details a Google Docs link leak and its potential impact on user d
3年前小米路由器管理员密码爆破分析
本文详细分析了小米路由器管理员密码爆破的过程,并提供了使用burpsuite和Python3.7+的解决方案。
6个月前企业管理类系统常见漏洞挖掘指北
Explore the typical vulnerabilities in enterprise management systems like ERP, including SMS forgery, registration abuse, privilege escalation, and more. This g
6个月前干货 | 红队渗透中钓鱼tips总结
This article summarizes key tips on executing phishing attacks during red team penetration tests. It covers various scenarios like OA users with weak passwords
4年前通过大量垃圾字符绕过WAF上传文件
Learn how to bypass Web Application Firewall (WAF) by using junk characters when uploading files. This article details a successful method used in penetration t
4年前警惕新型安卓恶意软件,掏空银行账户后设备数据也将不保
Discover the dangers of BingoMod, a new Android malware that not only steals bank accounts but also clears device data. Learn how it spreads and operates to pro
2年前从对抗到出洞:某金融APP 实战渗透与 Frida 反检测绕过(Rpc + Flask + AutoDecoder)
本文深入探讨了针对某金融应用的实战渗透测试,包括如何使用Frida进行反检测绕过以及解决Java.use导致的程序闪退问题。
5个月前