New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support
Educate 360
New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support
Educate 360
New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support LMS Login Login
TCM-Sec-Primary-Logo
Get a Free Consultation
Find and Exploit Server-Side Template Injection (SSTI)

Find and Exploit Server-Side Template Injection (SSTI)

Server-Side Template Injection (SSTI) is an attack that allows an attacker to inject malicious input into a templating engine, leading to code execution on the server. While this vulnerability can be quite impactful, understanding and exploiting it requires a good...
Find and Exploit Blind SSRF with Out-of-Band (OOB) Techniques

Find and Exploit Blind SSRF with Out-of-Band (OOB) Techniques

Server-Side Request Forgery (SSRF) is a vulnerability that let’s an attacker have a server make requests on their behalf. Typically this can allow the attacker to reach internal resources that would otherwise be unavailable. Whilst the typical SSRF is dangerous...
Understanding and Hacking GraphQL: Part 1

Understanding and Hacking GraphQL: Part 1

GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
XPath Injection: A Beginners Guide

XPath Injection: A Beginners Guide

Overview XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application’s user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized...
Start your Journey with Bug Bounty

Start your Journey with Bug Bounty

Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They’re an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries. But, how do...
Should a Company Provide Credentials for Their Penetration Test?

Should a Company Provide Credentials for Their Penetration Test?

On occasion, we get clients who are concerned about some of the stereotypes that they may read about or hear when it comes to a penetration test. While a penetration test may be us attacking your infrastructure, we are not your adversaries. Your company made the...