Blog

Technical Notes and Documentation
Understand the key differences between Penetration testing and Red Team engagements to ensure that you choose right course of action for your organization.

Things to try when your reverse shell fails
Target enumerated, check. Vulnerability identified, check. Tested payload delivery, check. RCE verified, check. Reverse shell...nope. Today we are going to look at some practical ways to troubleshoot your reverse shell. Some of these points come from logical thinking,...

Top Pentest Findings in 2022 from a First Year Pentester
The year 2022 has wrapped up and I find it helpful to share some of the most common findings I have encountered throughout the year. Some of these may not be surprising as they are covered in almost every cybersecurity awareness training course there is. However, it...

So You Want to Be a Hacker: 2023 Edition
Video Version: Introduction The past two years, we've posted blogs on how to become an ethical hacker. Given that these blogs have been well received, we have brought back yet another edition. So, without further ado, let's chat about how you can break into the field...

Linux isn’t Scary
Understand the key differences between Penetration testing and Red Team engagements to ensure that you choose right course of action for your organization.

Getting started with Prototype Pollution
Prototype pollution allows an attacker to modify the prototype of an object. This means we can potentially assign new properties or methods to an object. Furthermore, we may be able to overwrite existing properties. If you’re unfamiliar with prototypes and...

Do You Need a Penetration Test or Red Team Engagement?
Understand the key differences between Penetration testing and Red Team engagements to ensure that you choose right course of action for your organization.

Top 5 Finds from Red Team Lead Joe Helle in 2022
Insecure VNC Server Leads to Unlocked LastPass Vault and Domain Admin Credentials When it comes to finding different vulnerabilities or bugs, everyone has that one finding they will talk about years from now, and the first one I want to share today is mine. While...

Making the Most of Your Winter Solstice
For a lot of us, Winter began as soon as the last trick-or-treater left our porch. Daylight needed saving (for some archaic reason), the new fiscal year began, and we found ourselves indoors wondering how we’ll pass the hours, days, weeks, and months until the sun...

How to Improve Your External Penetration Testing Results
When on the cusp of receiving an external penetration test, clients want to prepare themselves for it. We often get asked what's the easiest way to improve their score before the engagement has begun. Below are the top 3 ways to improve your external penetration...
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.