Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
What is Threat Modeling and Why You Should Use it
Threat modeling is a process used to identify potential threats and weaknesses in a system. Learn more about how to use it to protect your business.
How to Get Started with Code Review
Code review is an essential part of the web application penetration testing process but is often overlooked. We’re going to look at why it’s important and how to get started. There are a number of reasons why we might decide to review the source code of an application...
What is CORS (Cross-Origin Resource Sharing) and Why You Should Care About It
CORS is a security feature that prevents unauthorized access to web resources. This article looks at CORS and then how CORS attacks work.
Penetration Testing – From Adversary to Partner
While penetration testing can be considered “adversarial” testing, it should be anything but that. Your penetration test, no matter who you do it with, should be a partnership. In every partnership, communication is key. Settling for a pentest company that merely...
The Science of Learning for Hackers
The science behind learning is a fascinating field that’s constantly evolving. There is no single, definitive answer to what the most effective learning technique is, and if there was, it would likely vary from person to person. However, there are a number of...
Getting Started with Offensive JavaScript
JavaScript is a bit like Marmite, you either love it or hate it. Regardless of how it makes us feel, it is a powerful tool for attacking users and exploitation. Often, popping alert(1) is proof enough to get a fix but doesn’t demonstrate the full impact an attacker...
The Fundamentals of HTTP for Hackers
Hypertext Transfer Protocol (HTTP) is an application layer protocol. On the surface, HTTP can appear quite simple, but there are a lot of quirks considering its use across inconsistent browsers and servers. Check out a video version of this article: Breaking Down An...
Security Testing Requirements for PCI-DSS
Companies handling credit card data must adhere to the Payment Card Industry Data Security Standard. Learn which PCI-DSS requirements require security testing.
Technical Notes and Documentation
Understand the key differences between penetration testing and Red Team engagements to ensure that you choose the right course of action for your organization.
Things to Try When your Reverse Shell Fails
Target enumerated, check. Vulnerability identified, check. Tested payload delivery, check. RCE verified, check. Reverse shell... nope. Today we are going to look at some practical ways to troubleshoot your reverse shell. Some of these points come from logical thinking,...