Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
SMB Relay Attacks and How to Prevent Them
0. OverviewMany organizational networks rely on Active Directory (AD) to streamline administrative tasks and enhance efficiency. However, in its default configuration, AD introduces "features" that attackers could exploit. The SMB (Server Message Block) protocols...
Three Ways to Write More Secure Code
Three practices to bolster app security: treat every user as a threat, use static code analysis tools, and consider your tech stack.
Unearthing Secrets in Git Logs
Overview Version control systems, such as Git, are essential tools in software development, enabling seamless collaboration and change tracking. However, their widespread use can sometimes lead to unintended security oversights. While Git excels in managing code...
Cybersecurity Careers: Certifications vs. Learning Paths
Overview Navigating to your first cybersecurity role presents myriad options. Today, we'll dissect the merits and downsides of certifications and then pivot to explore learning paths. While the community often engages in spirited debates about certifications, our...
Projects to Land Your First Cybersecurity Job
Overview Side projects can significantly differentiate you from other candidates when you pursue your first role in Cybersecurity. They not only provide valuable talking points during your interviews but also showcase your genuine interest and dedication to bringing...
Find and Exploit Server-Side Template Injection (SSTI)
Server-Side Template Injection (SSTI) is an attack that allows an attacker to inject malicious input into a templating engine, leading to code execution on the server. While this vulnerability can be quite impactful, understanding and exploiting it requires a good...
Find and Exploit Blind SSRF with Out-of-Band (OOB) Techniques
Server-Side Request Forgery (SSRF) is a vulnerability that let’s an attacker have a server make requests on their behalf. Typically this can allow the attacker to reach internal resources that would otherwise be unavailable. Whilst the typical SSRF is dangerous...
Understanding and Hacking GraphQL: Part 1
GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
XPath Injection: A Beginners Guide
Overview XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application's user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized access to...
Do I need to learn linux?
Why Linux Skills are Invaluable for Pentesters Linux, an open-source operating system, forms the backbone of modern infrastructure. Being comfortable with Linux thus opens up a vast array of systems and servers for you to better be able to understand, evaluate and...
Penetration Testing - PCI Compliance - Auditing
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.