[Debugging the Imposter]
If you've been in InfoSec for long, I'm sure you've heard of imposter syndrome. In this article I'll talk about my personal experiences with it and offer some advice that I've found helpful in addressing it.
From Twig and ERB to Jinja2, templates are essential to modern web development. This week we'll uncover the intricacies of Server-Side Template Injection as we explore what it is, how to identify it, common protection methods, and even examine a Python sandbox escape to bypass those protections!
Even if it doesn’t get a billion LOLs, this week’s article dives into a real classic. XML External Entity attacks are a historic vulnerability that continue to impact modern applications. We’ll be covering how to identify them in the wild, common protections, and even bypasses to said protections!
Howdy hackers! This week we'll be examining Server-Side Request Forgery (SSRF). From what it is, to modern prevention mechanisms, we’ll expand our understanding and develop a methodology on how to test for it in the wild.
Whether you call it “Ess-Cue-Ell”, “Sequel”, or “Squeal”, this week we'll dive into the complexities of SQL Injection. We'll talk about what the vulnerability is and why it is such a critical finding, as well as the reasons behind its decline in prevalence over recent years.
Curious about Web Application Pentesting? Want to showcase your skills and set yourself apart from your peers? See this week's BONUS article for my review of the PWPT exam, now officially available from TCM Security!
In this week's article we'll explore the web vulnerability, Cross-Site Request Forgery, more commonly referred to as CSRF (pronounced "Sea Surf"). We'll cover what the vulnerability is and why it matters, as well as common prevention methods and bypasses to these defenses!
In this week's article I deep-dive into how to find Open Redirects in modern web applications, how to manipulate them to bypass validation checks, and briefly touch on the difficulties in preventing them.
In this week's article I deep-dive into how to find Cross-Site Scripting vulnerabilities in modern web applications, as well as briefly touching on how to prevent them.
Vulnish is a newly created THM room made by SecHamza of the TCM Discord. Featuring a blind path traversal and a classic priv-esc, this box was a great refresher on some basic troubleshooting know-how!
In this week's article I discuss ethics and the role they play in conducting security research, as well as how a sense of ethics can sometimes result in having to scrap a write-up you're quite proud of.
Interested in For Fox Sake and want to know what to expect? Check out this post for a breakdown of what I have planned for 2024.