fbpx
TCM Security is offering free Active Directory Health Checks to any company with 10 or more employees. To inquire, please contact us.

Burp Extension Dev Part 4: GUI Design

  Overview In part 4 of our series on creating extensions for Burp Suite using the Montoya API, we will learn about designing an interactive GUI for our extension. If you haven’t read the previous installments of this blog post series yet, we highly recommend you do...
Understanding and Finding Open Redirects

Understanding and Finding Open Redirects

An Open Redirect is a vulnerability in a web application that allows an attacker to redirect a user to an arbitrary website. At first glance, this might not seem harmful, but with a malicious intent, it can be used as part of phishing attacks, malware distribution, or...
Local File Inclusion: A Practical Guide

Local File Inclusion: A Practical Guide

Local File Inclusion (LFI) is a vulnerability that allows an attacker to read files from a server they should not have access to. This can lead to to the exposure of sensitive information and often enables the attacker to progress further towards their goals. It’s...
API Discovery with Kiterunner

API Discovery with Kiterunner

Content discovery is often focussed on finding files and folders. However, modern applications not longer conform to this hierarchical approach and specifically applications that use APIs. Kiterunner is a tool that can be used to discover routes and endpoints used in...
BFLA: Broken Function Level Authorization

BFLA: Broken Function Level Authorization

Application Programming Interfaces (APIs) are at the heart of modern applications, enabling functionality, communication and acting as a bridge between different software components. A common issue that’s found though is Broken Function Level Authorization (BFLA), and...