Overview
Security services for attack and defense exercises simulate real cyber attack scenarios to help enterprises discover and resolve potential security issues. By simulating hackers' attack methods, the attack team carries out comprehensive penetration tests on the enterprise's network systems, applications, data, and so on.

In the information gathering stage, the attack team uses various technical means to collect information about the target system. For example, mobile apps are reverse engineered to extract hardcoded API keys, a task closely related to the field of mobile application security; code hosting platforms such as GitHub are also scanned for sensitive information such as database credentials or cloud access keys.

In the perimeter breach stage, the attack team exploits various vulnerabilities. For APIs, this may include OAuth 2.0 abuse, GraphQL injection, and detection of unauthorized endpoints; mobile applications are decompiled, particularly those hardened with obfuscation, and hook injection techniques such as the Frida toolchain are also used. Some common vulnerabilities are exploited as well, such as the Shiro and Fastjson deserialization vulnerabilities and SQL injection that bypasses the WAF.

In the intranet expansion stage, the attack team uses Windows log clearing techniques to evade tracing. This involves knowledge of system security investigation and Windows log investigation. The team also obtains database permissions through SQL injection and uses them as a springboard into the core business system.

In the target achievement stage, the attack team steals sensitive data, simulates scenarios such as ransomware attacks, and finally submits a detailed attack report. The report includes a visual map of the exploit chain, making it easy for the enterprise to understand the attack paths and security vulnerabilities.

The attack team's deliverables are also valuable. They include attack path analysis reports, which reveal the root cause of failures in the defense system, such as a data leakage path caused by an incorrect API gateway configuration; weaponized vulnerability PoCs, which provide reproducible exploit code, such as the JNDI injection exploit chain for the Fastjson deserialization vulnerability; a list of defense bypass techniques, which reveals defects in detection rules, such as the Shiro memory injection technique that bypasses RASP; a threat indicator (IOC) library, which helps the enterprise accelerate threat hunting; and security hardening manuals, which provide targeted remediation, such as anti-decompilation and hardening solutions for Android apps.
| Sold by | 远江盛邦安全科技集团股份有限公司 |
| Categories | |
| Fulfillment method | Professional Services |
Pricing Information
This service is priced based on the scope of your request. Please contact seller for pricing details.