Alex Olsen (@appsecexp)'s Twitter Profile
Alex Olsen

@appsecexp

Cyber Security | Penetration Testing | AppSec | Content Creator | Caffeine & Code.

ID: 1693900946382696448

https://linktr.ee/appsecexplained | 22-08-2023 08:20:46

104 Tweet

1,1K Followers

149 Following

TCM Security (@tcmsecurity)

Do you find networking overwhelming? You’re not alone - it’s a skill that doesn’t come easy to everyone. But knowing how to network effectively can pay off well, especially when you attend major conferences like #DEFCON. Here are some tips from Alex Olsen to get you started!

TCM Security (@tcmsecurity)

In today’s video, Alex Olsen talks to Andrew Prince, Joe Hudson, Angela Brown, & Andrew Bellini about how to fail a cybersecurity job interview (and how to avoid doing just that). 😱 Got #interview stories? Share them with us! youtu.be/nk9L66KwZXw

Web Security Academy (@websecacademy)

🚨 Uncover hidden vulnerabilities with our URL Validation Bypass Cheat Sheet 👾 The URL Validation Bypass Cheat Sheet helps you address SSRF, CORS misconfiguration and open redirection - save the Cheat Sheet below: portswigger.net/web-security/s…

TCM Security (@tcmsecurity)

Join Alex Olsen today for a lightning-fast dive into regex! Understanding Regular Expressions (regex) is essential for any cybersecurity professional. Whether you're analyzing log files, bypassing flawed filters, or automating tedious tasks, learning #regex can help you: ✔️

Caido (@caidoio)

Missed our workshop at Hackfest? The full presentation and the exercises are available on Github 💪 We go in depth about Workflows, Plugins and the GraphQL API 👀 github.com/caido/workshop…

TCM Security (@tcmsecurity)

Prototype pollution is a JavaScript vulnerability that can lead to serious security issues like XSS, arbitrary code execution, denial of service, and even bypassing security controls. It occurs when we manipulate the prototype of an object, allowing attackers to inject or modify

TCM Security (@tcmsecurity)

In our latest video, we’re diving deep into Keeper Connection Manager and Keeper Vault—two essential features for securing secrets and managing connections. Whether you're an individual or part of a team, Keeper’s flexibility and features make it easy to set up and even easier to

TCM Security (@tcmsecurity)

A new Advanced Web Hacking module appears! The course adds Module #2 GraphQL this Wednesday. An early holiday gift from our team to you - happy hacking <3 tcm.rocks/awh-x Like this course so far? 🤔 Consider checking out the PWPP (previously the PWPT), the Practical Web

TCM Security (@tcmsecurity)

Have you explored the new modules in the Advanced Web Hacking course by Alex Olsen yet? So far, we’ve released Prototype Pollution and GraphQL—let us know your thoughts and experiences in the comments below! 🔥 Next module drops in January 2025! TL;DR of the released

TCM Security (@tcmsecurity)

Have you heard of Cookie Jar Overflows? This classic yet under-discussed technique allows attackers to remove cookies from a target user and replace them with their own. Combined with vulnerabilities like session fixation, it can have serious impacts, including account takeovers.

TCM Security (@tcmsecurity)

Roses are red, violets are blue. We have a new cert coming out in the next few weeks - what is it, do you have a clue? 💝 See our existing (and well-loved) certifications here! tcm.rocks/certs-x

TCM Security (@tcmsecurity)

Cybersecurity professionals face constant stress, high expectations, and endless demands. This is a toxic mix that can lead to burnout. But burnout isn’t simply about feeling stressed or overworked; it's a chronic condition that can leave you feeling drained, disengaged, and

Google VRP (Google Bug Hunters) (@googlevrp)

Developers, tired of DOM XSS in your web applications? 😩 We were too. See how we refactored our code to solve Trusted Types violations in Gmail & AppSheet. Your guide to a safer web is here! bughunters.google.com/blog/585078655…

TCM Security (@tcmsecurity)

𝗪𝗮𝗻𝘁 𝗮 𝗺𝗼𝗿𝗲 𝘀𝗲𝗰𝘂𝗿𝗲 𝗪𝗼𝗿𝗱𝗣𝗿𝗲𝘀𝘀 𝘀𝗶𝘁𝗲? Alex's got you! Today we are covering something different: How to build a secure WordPress site. A few of you have asked about this, and we hope this video helps! Discover how to keep things up to date with hardening

0x45 (@0x45o)

If you are bored you can always: - Build your own operating system - Build your own game engine - Build your database - Build your compiler - Build your virtual machine - Build your web server

TCM Security (@tcmsecurity)

Alex (Alex Olsen) is in Portugal as part of the "Hack the Planet" series from Matosinhos.tech, taking the conversation from livestream to real life! He'll be tackling AI & Web App pentesting at this event. We're very proud when TCM Security members step into the

TCM Security (@tcmsecurity)

𝗣𝗶𝗰𝘁𝘂𝗿𝗲 𝘁𝗵𝗶𝘀: You’re installing a popular #JavaScript library. Shortly after installation, you discover it has been stealing your secrets, mining crypto, or opening a backdoor on your machine.  This is just how supply chain attacks often unfold in the Node.js
