Find and Exploit Blind SSRF with Out-of-Band (OOB) Techniques

Server-Side Request Forgery (SSRF) is a vulnerability that lets an attacker have a server make requests on their behalf. Typically this allows the attacker to reach internal resources that would otherwise be unavailable. Whilst the typical SSRF is dangerous...
XPath Injection: A Beginner's Guide

Overview: XPath Injection, akin to other common injection attacks, targets vulnerabilities in how an application processes user input. What sets XPath Injection apart is that it exploits XPath queries. The fallout? Unauthorized...
Start your Journey with Bug Bounty

Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They’re an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries. But, how do...
Should a Company Provide Credentials for Their Penetration Test?

On occasion, we get clients who are concerned about some of the stereotypes they may read about or hear when it comes to a penetration test. While a penetration test may involve us attacking your infrastructure, we are not your adversaries. Your company made the...
Encoding and Decoding Primer

When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. In particular, we often see Base64, URL encoding, and HTML encoding used across many applications both as part of the application’s general functionality and...
The Best Apps for Keeping Notes: Pros & Cons

What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer to watch rather than read, we recently compared many of the popular options in this video. Otherwise, let’s take a look at what each app has on offer to help you decide what’s...