![[Debugging the Imposter]](/content/images/size/w600/2024/08/feature-image.jpg)
[Debugging the Imposter]
If you've been in InfoSec for long, I'm sure you've heard of imposter syndrome. In this article I'll talk about my personal experiences with it and offer some advice that I've found helpful in addressing it.
Blame the Temp{{late}}
From Twig and ERB to Jinja2, templates are an essential for modern web development. This week we'll uncover the intricacies of Server-Side Template Injection as we explore what it is, how to identify it, common protection methods, and even examine a Python sandbox escape to bypass those protection!
&XMLol;
Even if it doesn’t get a billion LOLs, this week’s article dives into a real classic. XML External Entity attacks are a historic vulnerability that continue to impact modern applications. We’ll be covering how to identify them in the wild, common protections, and even bypasses to said protections!
An SSRFing Mess
Howdy hackers! This week we'll be examining Server-Side Request Forgery (SSRF). From what it is, to modern prevention mechanisms, we’ll expand our understanding and develop a methodology on how to test for it in the wild.
Ess-Cue-Hell
Whether you call it “Ess-Cue-Ell”, “Sequel”, or “Squeal”, this week we'll dive into the complexities of SQL Injection. We'll talk about what the vulnerability is and why finding it is such a critical vulnerability, as well as the reasons behind its decline in popularity over recent years.
![[PWPT Acquired]](/content/images/size/w600/2024/06/PWPT-logo-1.webp){kind=logo}
[PWPT Acquired]
Curious about Web Application Pentesting? Want to showcase your skills and set yourself apart from your peers? See this weeks BONUS article for my review of the PWPT exam, now officially available from TCM Security!
C-SuRFing
In this week's article we'll explore the web vulnerability, Cross-Site Request Forgery, more commonly referred to as CSRF (pronounced "Sea Surf"). We'll cover what the vulnerability is and why it matters, as well as common prevention methods and bypasses to these defenses!
Redirect Roulette
In this week's article I deep-dive into how to find Open Redirects in modern web applications, how to manipulate them to bypass validation checks, and briefly touch on the difficulties in preventing them.
Cross-Site Shenanigans
In this week's article I deep-dive into how to find Cross-Site Scripting vulnerabilities in modern web applications, as well as briefly touching on how to prevent them.
Vulnish
Vulnish is a newly created THM room made by SecHamza of the TCM Discord. Featuring a blind path traversal and a classic priv-esc, this box was a great refresher on some basic troubleshooting know-how!
![[The Moral Dilemma]](/content/images/size/w600/2024/05/Under-Construction-3-1.jpg)
[The Moral Dilemma]
In this week's article I discuss ethics and the role they play in conducting security research, as well as how a sense of ethics can sometimes result in having to scrap a write-up you're quite proud of.
![[The Story Begins]](/content/images/size/w600/2024/05/The-Story-Begins-1.png)
[The Story Begins]
Interested in For Fox Sake and want to know what to expect? Check out this post for a breakdown of what I have planned for 2024.