Explore the detailed steps of a recent penetration test in an educational institution's OA system. Discover password recovery methods, logical flaws, SQL inject

本文详细探讨了如何使用Burp Suite Turbo插件进行SRC并发漏洞挖掘，包括点赞、验证码和代金券测试等场景。通过实际案例分析，帮助理解并发漏洞的危害与绕过方法。

本文详细介绍了在获得MySQL root权限后如何进行深入渗透，包括获取密码、读取敏感文件和尝试外连等实用技巧。

This article explores the process of decoding encrypted data in a website and exploiting password reset vulnerabilities. Learn about DES encryption modes, ECN p

探索一个未公开的XSS 0day漏洞，详细记录了从发现到绕过的全过程。了解ZLMediaKit服务中的安全风险及应对策略。

本文通过实战案例详细解析了BC站的XSS漏洞及登录流程，揭示了博彩平台背后的杀猪盘骗局。了解如何检测和防范此类安全威胁，保护个人资产安全。

Discover the intricate puzzle of Cicada 3301 and how it has captivated the internet with its complex challenges and mysterious clues. Explore the history and de

Explore comprehensive strategies and tools used by red teams to attack large-scale assets. Learn about effective asset collection methods, advanced vulnerabilit

Explore the Evil QR tool for simulating dynamic QR code phishing and QRLJacking attacks. Learn how to conduct security research on QR codes using this PoC desig

Analyze a deserialization vulnerability in the /ServiceDispatcherServlet of a Cloud system and discover why standard payload generation fails. Learn about the u

本文详细记录了一次攻防演练中的资产获取、指纹识别、漏洞发现及利用过程，特别关注了Fastjson与Log4j漏洞的探测和权限维持技术。