深入了解Monteverde在域渗透中的实战案例，包括SMB未授权访问、RPC会话获取及WebShell利用等关键步骤。

Learn how psychological analysis can be used to predict malicious internal behaviors before they occur. This article discusses the challenges of detecting and m

This article provides a detailed guide on how to perform penetration testing on WeChat mini programs using Burp Suite and Nightly Emulator. Learn about setting

了解JumpServer堡垒机的两个关键未授权漏洞利用方法：CVE-2023-42820和CVE-2023-42442。学习如何使用Python脚本进行未授权用户密码重置及操作录像下载，确保网络安全与防护技术交流。

本文详细记录了通过运气找到hw系统的上传路径并成功利用任意文件上传漏洞的过程。文章分享了从目标页面到最终绕过黑名单的方法，适合安全研究人员学习参考。

本文详细记录了一次利用XSS读取源码和NoSQL注入进行渗透测试的过程，包括XSS漏洞发现、XMLRequest发起ajax请求以及NoSQL注入的应用。了解如何通过这些技术突破安全防线，提高网络安全防护能力。

Explore the process of identifying RCE vulnerabilities during a code audit and learn how to craft proof-of-concept (POC) scripts. This article discusses templat

本文详细记录了一次针对校内获奖提交申报平台的渗透测试过程，揭示了多个安全漏洞如越权、任意文件上传以及任意权限用户添加等。

Okfafu渗透虚拟机公开版，包含常用渗透工具及基本工具。适用于安全学习交流。下载地址：https://github.com/mrl64/okfafu-pentestVM-public

This article explores the concept of Listener memory horse in Java web applications. It includes code implementation, attack analysis, and prevention strategies

Explore a detailed account of a successful penetration test on xx company’s domain control system. Learn about asset recognition, tunnel establishment, and key

Discover how to bypass various verification methods such as client-side validation and auxiliary verification mechanisms. Learn about the risks of unsecure impl