In the landscape of cybersecurity confrontation, Endpoint Detection and Response (EDR) tools remain a critical line of defense for defenders. They monitor key behaviors such as process creation, thread activity, and registry modifications to detect and block malicious attacks in a timely manner,Last time we discussed process creation and thread notifications in ‘How Does Windows…

In the Windows security field, many developers and security researchers encounter a common issue: the programs they write (even test samples) get blocked by EDR (Endpoint Detection and Response) tools as soon as they launch. Behind this, EDR’s “sharp eyes” don’t come out of nowhere—they rely on a special privilege granted by the Windows system:…

In the field of Windows security offense and defense, Function Hooking is a core technology for EDR (Endpoint Detection and Response) to monitor process behavior and for attackers to bypass protections. To counter modern EDR interception, the first step is to master the operating mechanism of function hooking in user mode. Centered on the framework of “FUNCTION-HOOKING…

In penetration testing, XXL-Job vulnerabilities are often highlighted for their convenience in direct reverse shell attacks. However, real-world scenarios frequently involve “non-outbound networks” or “missing scheduler panels,” which pose greater challenges. This article breaks down the version detection, command execution, and multiple memory shell injection methods for the XXL-Job Executor default token vulnerability, using practical…

This article will start with the working principles of MCP, take the STDIO transmission mode as an example, and provide a comprehensive walkthrough of building a local MCP service, testing it, and integrating it with an LLM (using Cursor as an example), helping developers quickly master the practical application of the MCP protocol. We’ve already…

In the fast-paced world of AI development, building applications based on Large Language Models (LLMs) has become an industry focus. However, before the advent of MCP (Model Context Protocol), developers faced a host of tricky challenges when building LLM applications. These issues not only slowed down development efficiency but also limited the practical implementation of…

This article provides a comprehensive breakdown of the Kalman Filter algorithm, covering everything from its core concepts to practical applications, and serves as a complete reference for both engineering development and theoretical learning. It first clarifies the recursive nature of the Kalman Filter—centered on the “fusion of prediction and observation”—then analyzes its key advantages in…

A complete guide to integrating Google OAuth login with Next.js + NextAuth.js. Learn step-by-step Google Cloud Console setup, fix common errors like redirect_uri_mismatch and access_denied, and avoid deployment pitfalls on Vercel. Essential for developers building one-click Google login. Recently, I integrated Google OAuth login functionality into a project and encountered numerous pitfalls from configuration to deployment. I’ve organized…

Tired of users spamming buttons and causing duplicate submissions—like 5 identical orders cluttering your database or 2 AM emergency rollbacks? This guide breaks down how to build a full anti-duplicate system with Spring Boot, from simple local locks for single servers to Redis distributed locks for clusters. Packed with practical code snippets, pitfall warnings, and…

This article details the “interrupt service routine variable not updating” issue in embedded ARM development, which stems from compiler optimization and missing volatile modifiers. It uses examples to explain errors caused by compiler “redundant load elimination”, illustrates how the volatile keyword prohibits register caching and maintains instruction order, and compares optimization differences at the ARM…