Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
Top Pentest Findings in 2022 from a First Year Pentester
The year 2022 has wrapped up and I find it helpful to share some of the most common findings I have encountered throughout the year. Some of these may not be surprising as they are covered in almost every cybersecurity awareness training course there is. However, it...
So You Want to Be a Hacker: 2023 Edition
The past two years, we've posted blogs on how to become an ethical hacker. Given that these blogs have been well received, we have brought back yet another edition. So, without further ado, let's chat about how you can break into the field...
Linux Isn’t Scary
Learning Linux is essential for aspiring ethical hackers. Start learning the fundamentals today and you will be well on your way to a career in cybersecurity.
Getting Started with Prototype Pollution
Prototype pollution allows an attacker to modify the prototype of an object. This means we can potentially assign new properties or methods to an object. Furthermore, we may be able to overwrite existing properties. If you’re unfamiliar with prototypes and...
Do You Need a Penetration Test or Red Team Engagement?
Understand the key differences between penetration testing and Red Team engagements to ensure that you choose the right course of action for your organization.
How to Improve Your External Penetration Testing Results
When on the cusp of receiving an external penetration test, clients want to prepare themselves for it. We often get asked what's the easiest way to improve their score before the engagement has begun. Below are the top 3 ways to improve your external penetration...
What is MFA? Understanding Multi-Factor Authentication
MFA stands for Multi-Factor Authentication. Microsoft helps clarify MFA as an additional step in the authentication process, "You need a second thing - what we call a second "factor" - to prove who you are." When logging into your online account, you prove who you are...
The Penny, the Match, and the Camera – OSINT
Our last blog post regarding OSINT and Recon briefly discussed some exciting topics. In this blog post, we will continue with that thread and discuss some tradecrafts used by investigators and Pentesters. Only some investigators and pentesters utilize these exact...
How Open-Source Intelligence Impacts You
OSINT stands for Open-Source Intelligence. It is the action of gathering information that is publicly available and analyzing it for intelligence purposes. First, let's look at what type of data can be considered Open-Source. Data or information that is...
How Hackers Target You
When creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves, "Why us?". It's a valid question that organizations should ask before an incident...