Blog
What is MFA? Understanding Multi-Factor Authentication
MFA stands for Multi-Factor Authentication. Microsoft helps clarify MFA as an additional step in the authentication process, "You need a second thing - what we call a second "factor" - to prove who you are." When logging into your online account, you prove who you are...
The Penny, the Match, and the Camera – OSINT
Our last blog post regarding OSINT and Recon briefly discussed some exciting topics. In this blog post, we will continue with that thread and discuss some tradecrafts used by investigators and Pentesters. Only some investigators and pentesters utilize these exact...
How Open-Source Intelligence Impacts You
OSINT & Recon OSINT stands for Open-Source Intelligence. It is the action of gathering information that is publicly available and analyzing it for intelligence purposes. First, let's look at what type of data can be considered Open-Source. Data or information that...
How Hackers Target You
While creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves, "Why us?". It's a valid question that organizations should ask before an incident...
Top 3 Ways I Broke Into Your Business On A Physical Penetration Test
Physical penetration testing is an assessment of the physical security controls of an organization. Much like traditional network penetration testing, you are measuring the security of a system, and in this case, it happens to be in the physical world. The consulting...
How Often Should You Schedule a Penetration Test?
In today's world, massive data breaches and sophisticated malware litter news headlines. Unfortunately, it often feels as though it's more when your organization will fall victim, rather than if. Still, many organizations choose to only meet baseline compliance...
Security Teams Need to Think Like Pentesters
We conduct a wide variety of assessments for a wide range of clients. We provide assessment services for universities, health care companies, law firms, telecommunication providers, and many more. Some of our clients have mature infrastructures, while others are still...
Why Your Organization Needs a Physical Security Policy – At the Home Office
What is Physical Security? Physical security entails the management of organizational information protection in the workplace. This can include the security of your employees, computer systems, customer and client data, software, and much more. Our businesses rely on...
Network Printer Security Best Practices
I have experienced a common theme in internal network penetration testing: organizations rarely secure their printers. You may be asking yourself, “so what”? I’ve always been keen on this finding as it’s how I obtained domain administrator access on my first internal...
Sensitive Information Disclosure
Poking around Have you ever been poking around a website, clicking links, or visiting different directories? If you have, you might have come across something interesting or even a webpage that didn't have a link pointing to it. If you did find sensitive information,...
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.