Explore advanced techniques for external and internal network penetration testing, including web vulnerability scanning, brute force attacks on弱口令 and database

Discover how a simple penetration test led to the discovery of directory traversal vulnerabilities and ultimately gained shell access. Learn about the process a

Explore techniques for system kernel overflow privilege escalation, including methods to check system patches and find vulnerable patches. Learn how to use tool

This article details an emergency response conducted through a post-backend approach. It covers the process of identifying and analyzing web backdoors, logging,

Explore the third challenge of RIPS code audit where you'll encounter file inclusion vulnerabilities and XXE attacks. Discover how attackers can exploit these w

探索如何在无Webshell、仅有数据库可执行权限的情况下，利用MySQL进行Exe文件的导出与执行。本文详细讲解了into dumpfile和echo导出方法，并提供了实战技巧和注意事项。

Learn how to set up Empire with a Tor hidden service for secure command and control in your phishing operations. Discover the steps to maintain anonymity and ke

本文详细介绍了SSF（Secure Socket Funneling）端口转发技术，涵盖正向和反向的TCP及SOCKS代理、反弹Shell等应用场景。

Explore the basics of workgroups and domains in a Windows network environment. Understand key concepts like domain controllers and Active Directory for secure n

Explore a detailed real case study of web penetration testing. Learn about踩点、信息收集、漏洞利用及提权等技术步骤。适合网络安全从业者和技术爱好者参考。

本文详细记录了一次针对JWT的越权渗透测试过程，揭示了未校验签名、禁用Hash及爆破弱秘钥三种常见利用方法。通过实际案例分析，帮助安全从业者了解并防范此类漏洞。