Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
Unearthing Secrets in Git Logs
Version control systems, such as Git, are essential tools in software development, enabling seamless collaboration and change tracking. However, their widespread use can sometimes lead to unintended security oversights. While Git excels in managing code...
Cybersecurity Careers: Certifications vs. Learning Paths
Navigate your cybersecurity career: Dive into the merits of certifications vs. learning paths, and discover the most effective route to expertise.
Projects to Land Your First Cybersecurity Job
Gaining experience in cybersecurity before landing a job can be tricky. However, side projects are an excellent way to gain experience and impress recruiters.
Find and Exploit Server-Side Template Injection (SSTI)
Server-Side Template Injection (SSTI) is an attack that allows an attacker to inject malicious input into a templating engine, leading to code execution on the server. While this vulnerability can be quite impactful, understanding and exploiting it requires a good...
Find and Exploit Blind SSRF with Out-of-Band (OOB) Techniques
Server-Side Request Forgery (SSRF) is a vulnerability that lets an attacker have a server make requests on their behalf. Typically this can allow the attacker to reach internal resources that would otherwise be unavailable. Whilst the typical SSRF is dangerous...
Understanding and Hacking GraphQL: Part 1
GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
XPath Injection: A Beginners Guide
XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application's user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized access to...
Do I Need to Learn Linux?
Learning Linux can be valuable for individuals who want to become ethical hackers or offensive security specialists. Find out why Linux is good to learn.
Understanding, Detecting, and Exploiting SSRF
SSRF has emerged as a significant threat to web security. We discuss how to identify it, verify its presence, and responsibly exploit it for security testing.
Start your Journey with Bug Bounty
Bug bounty programs are an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries.