Tagged articles

Vulnerability Exploitation

11 articles · Page 1 of 1
Black & White Path
Jun 23, 2026 · Information Security

How to Exploit a University WeChat Mini‑Program and Student Information System

This article details step‑by‑step packet‑capture techniques using Fiddler, Burp and Clash, Google‑hacking for credentials, and then demonstrates extracting and abusing sensitive student data from a university WeChat mini‑program and its backend information system, including enumeration, XSS and data modification.

Burp Suite · Clash · Google Hacking
0 likes · 5 min read
Black & White Path
Jun 18, 2026 · Information Security

Inside the AI‑Powered Hack: Full Claude & Codex Attack Log Exposed

OALABS recovered over 1,000 Claude and Codex session logs from a compromised server, revealing how the attackers duplicated AI agents, used them for reconnaissance, vulnerability exploitation, data theft, and even attempted cryptocurrency cracking across at least 14 companies, demonstrating that AI agents can dramatically lower the technical barrier for sophisticated cyber‑attacks.

AI security · Claude · Codex
0 likes · 49 min read
Black & White Path
Mar 28, 2026 · Information Security

Network Security Red Book: 700+ Tools from Recon to Internal Penetration

This article compiles over 700 high‑quality open‑source security projects from GitHub, categorised by functional scenarios such as automated reconnaissance, information gathering, vulnerability exploitation, internal network penetration, evasion, and incident response, providing a comprehensive practical toolkit for red‑team, blue‑team and security researchers.

Vulnerability Exploitation · network security · open source
0 likes · 18 min read
Black & White Path
Mar 28, 2026 · Information Security

Shannon AI Penetration Tester Delivers 96% Exploit Success Rate

Shannon is an AI‑driven penetration testing agent that automatically discovers, exploits, and reports vulnerabilities with zero false positives, achieving a 96.15% exploit success rate across OWASP Juice Shop and other benchmarks, while offering fully autonomous operation, code‑aware attacks, and parallel processing.

AI · Automation · Vulnerability Exploitation
0 likes · 6 min read
Black & White Path
Mar 13, 2026 · Information Security

Beware: Generative AI as a New Cybercrime Ally—13 Enterprise Attack Vectors

The article analyzes how generative AI is transforming cybercrime by enabling 13 distinct attack methods—from highly personalized phishing emails and AI‑assisted malware creation to automated vulnerability hunting, deep‑fake social engineering, malicious LLMs, and attacks on AI infrastructure—highlighting recent research data and real‑world examples that illustrate the heightened speed, stealth, and accessibility of modern threats.

AI Infrastructure · Generative AI · LLM security
0 likes · 13 min read
Black & White Path
Feb 22, 2026 · Information Security

30 Practical Web Penetration Testing Techniques You Must Know

This guide walks through 30 hands‑on web penetration testing techniques covering the full workflow—from information gathering and vulnerability discovery to privilege escalation, internal network pivoting, and defense evasion—providing concrete commands, tool recommendations, and real‑world tips for security engineers and testers.

Vulnerability Exploitation · defense evasion · information gathering
0 likes · 26 min read
Rare Earth Juejin Tech Community
Jul 14, 2024 · Information Security

The Dangers of Host Header Abuse Illustrated by a NextJS SSRF Vulnerability (CVE-2024-34351)

This article demonstrates how a NextJS SSRF vulnerability (CVE‑2024‑34351) can be exploited by abusing the HTTP Host header, walks through the underlying code, reproduces the attack to retrieve a protected flag file, and discusses mitigation strategies for developers.

CVE-2024-34351 · Vulnerability Exploitation · host-header
0 likes · 11 min read
MaGe Linux Operations
Aug 4, 2023 · Information Security

How to Detect and Exploit Cloud Access Key (AK/SK) Leaks

This article explains why cloud platforms rely on access keys, describes common scenarios where AK/SK credentials are exposed, provides practical examples such as heapdump and JavaScript leaks, and shows how attackers can hijack storage buckets or execute commands on compromised cloud hosts.

AK/SK · Vulnerability Exploitation · access key leakage
0 likes · 7 min read
IT Services Circle
Jul 25, 2023 · Information Security

Exploiting XSS Vulnerabilities and Same‑Origin Policy to Upgrade Risk Levels

This article explains how to combine reflected and stored cross‑site scripting attacks with same‑origin policy abuse to turn a low‑severity XSS vulnerability into a high‑severity issue, detailing discovery, exploitation steps, and a JavaScript payload that harvests user data.

Cross-site scripting · Same-Origin Policy · Vulnerability Exploitation
0 likes · 8 min read
Open Source Linux
Nov 24, 2021 · Information Security

Mastering Port Penetration: From Scanning to Exploitation

This comprehensive guide explains how to improve penetration testing efficiency by focusing on port enumeration, banner grabbing, service identification, default port knowledge, and a variety of attack techniques—including brute‑force, exploitation of known vulnerabilities, and protocol‑specific tricks—across common network services and applications.

Brute Force · Nmap · Vulnerability Exploitation
0 likes · 19 min read
Tencent Cloud Developer
Mar 10, 2017 · Information Security

Automated Exploitation of Common Vulnerabilities: MongoDB Ransomware, Struts2, Redis, and ElasticSearch Cases

The article shows how attackers automate mass exploitation of widely‑known flaws—scanning the Internet for open MongoDB, Redis, ElasticSearch or Struts2 services, using unauthenticated access or public PoCs to encrypt data, execute code, or build botnets, and stresses that timely patching and secure defaults are essential to stop such N‑day attacks.

Elasticsearch · MongoDB · Redis
0 likes · 11 min read