This article provides a detailed guide on code auditing Yonyou NC65 to obtain a CNVD high-risk certificate. It covers environment setup, debug configuration, an

Explore the detailed reverse engineering process of a fraudulent app that deceives users with unnecessary permissions and unencrypted data transmission. Learn a

This article discusses the process and details of analyzing a remote command execution vulnerability in a security management platform. It covers the token auth

This article explores the use of automation tools for identifying SQL injection vulnerabilities in a content management system (CMS). It covers techniques for d

本文深入探讨了.NET应用程序中Web.config配置文件的审计，特别是HttpHandlers元素和NeedLoginAttribute特性的使用。通过案例解析，帮助你更好地理解SQL注入攻击和防御策略。

Discover the dangers of BingoMod, a new Android malware that not only steals bank accounts but also clears device data. Learn how it spreads and operates to pro

本文详细记录了一次对NginxWebUI进行RCE测试的学习过程，分析了3.4.7版本之前存在的未授权命令执行漏洞，并提供了具体的复现与修复方法。

Learn how to perform a penetration test on a foreign website by targeting a Weblogic server with the CVE-2017-10271 vulnerability. This detailed guide covers st

本文详细介绍APP逆向全过程，包括环境设置、常用工具如Charles和JADX的使用方法，以及如何进行网络流量分析等关键步骤。

本文详细解析了某人力系统的权限绕过漏洞，包括通过特定路径和过滤器规则进行的攻击。了解如何识别并修复此类安全问题，提高系统安全性。

本篇文章详细介绍了使用Cobalt Strike进行内网渗透的信息收集方法，涵盖判断域存在、探测存活主机及基础信息收集等内容。

Explore how to efficiently perform penetration testing on encrypted HTTP requests using a custom Burp plugin. This article discusses the implementation of reque