New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support
Educate 360
New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support
Educate 360
New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support LMS Login Login
TCM-Sec-Primary-Logo
Get a Free Consultation
1st Annual TCM CTF Web Walkthroughs

1st Annual TCM CTF Web Walkthroughs

Overview On December 16, 2023, TCM Security held our first annual invitational CTF with the help of MetaCTF! Any student holding a current All-Access Membership at TCM Academy could take part in the CTF, which featured plenty of challenges! In this blog post,...
Avoid “OR 1=1” in SQL Injections

Avoid “OR 1=1” in SQL Injections

Overview Despite its popularity as an SQL injection example, we argue that “OR 1=1” presents more risks than rewards. It may work for login bypasses occasionally, but its reliability is questionable, and better alternatives exist. We explore the drawbacks,...
LLMNR Poisoning and How to Prevent It in Active Directory

LLMNR Poisoning and How to Prevent It in Active Directory

0. Overview Active Directory (AD) stands as a foundational piece for many organizational networks, streamlining administrative tasks and enhancing productivity. However, out of the box, AD comes bundled with various features and default settings that can be exploited...
SMB Relay Attacks and How to Prevent Them in Active Directory

SMB Relay Attacks and How to Prevent Them in Active Directory

0. Overview Many organizational networks rely on Active Directory (AD) to streamline administrative tasks and enhance efficiency. However, some of its default configurations are vulnerable to attackers. The SMB (Server Message Block) protocols stand out as...
Unearthing Secrets in Git Logs

Unearthing Secrets in Git Logs

Overview Version control systems, such as Git, are essential tools in software development, enabling seamless collaboration and change tracking. However, their widespread use can sometimes lead to unintended security oversights. While Git excels in managing code...
Find and Exploit Server-Side Template Injection (SSTI)

Find and Exploit Server-Side Template Injection (SSTI)

Server-Side Template Injection (SSTI) is an attack that allows an attacker to inject malicious input into a templating engine, leading to code execution on the server. While this vulnerability can be quite impactful, understanding and exploiting it requires a good...