Search Article
Popular Articles
XXL-Job Executor Default AccessToken Vulnerability: Exploitation and Memory Shell Injection in Non-Outbound Scenarios
In penetration testing, XXL-Job vulnerabilities are often highlighted for their convenience in direct reverse shell attacks. However, real-world scenarios frequently involve “non-outbound networks” or “missing scheduler panels,” which pose greater challenges. This article breaks down the version detection, command execution, and multiple memory shell injection methods for the XXL-Job Executor default token vulnerability, using practical...
Building a Local MCP Service from Scratch: A Complete Guide to STDIO Mode Implementation and LLM Integration
This article will start with the working principles of MCP, take the STDIO transmission mode as an example, and provide a comprehensive walkthrough of building a local MCP service, testing it, and integrating it with an LLM (using Cursor as an example), helping developers quickly master the practical application of the MCP protocol. We’ve already...
MCP (Model Context Protocol): A Complete Guide to Solving LLM Application Development Pain Points
In the fast-paced world of AI development, building applications based on Large Language Models (LLMs) has become an industry focus. However, before the advent of MCP (Model Context Protocol), developers faced a host of tricky challenges when building LLM applications. These issues not only slowed down development efficiency but also limited the practical implementation of...
Mousefood Embedded UI Development Guide: From Beginner to Pro, Solving Graphics Challenges in No-Std Environments
Technical Dilemmas in Embedded UI Development: From Requirements to Bottlenecks [Essential for Embedded UI Development] In the development of IoT, industrial control, and portable smart devices, how to build efficient graphical UIs in no-std, OS-less environments? Traditional terminal UI libraries are limited by resource constraints and hardware compatibility, becoming a major development pain point. This...
A Deep Dive into Gorm: Architecture, Workflow, Tips, and Troubleshooting for Go’s ORM Framework
This article details the internal architecture and SQL execution workflow of Gorm, the popular ORM framework for Go. It shares practical techniques for model definition, querying, and updating, while solving common issues like time zone discrepancies, soft deletion, and transactions. It is tailored for advanced Gorm developers. As the most widely used ORM (Object-Relational Mapping) framework...
Cloudflare Custom Domain Email Tutorial: 3 Steps to Build a Professional Brand Email (with DNS Setup)
Zero-cost Cloudflare Custom Domain Email Tutorial: Build professional brand emails like [email protected] in 3 steps. Includes DNS setup guide, takes 10 mins for beginners, boosts trust for indie sites, blogs & SaaS products. When running an independent website, personal blog, or SaaS product, are you still using personal email accounts like Gmail or Outlook for...
How Does Windows EDR Block Programs via Callback Mechanisms? A Detailed Guide to 3 Evasion Methods & Defense Strategies
In the Windows security field, many developers and security researchers encounter a common issue: the programs they write (even test samples) get blocked by EDR (Endpoint Detection and Response) tools as soon as they launch. Behind this, EDR’s “sharp eyes” don’t come out of nowhere—they rely on a special privilege granted by the Windows system:...
In-depth Analysis of Core EDR Evasion Techniques: From Image Loading to Driver Callback Hijacking
In the landscape of cybersecurity confrontation, Endpoint Detection and Response (EDR) tools remain a critical line of defense for defenders. They monitor key behaviors such as process creation, thread activity, and registry modifications to detect and block malicious attacks in a timely manner,Last time we discussed process creation and thread notifications in ‘How Does Windows...