Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
Top 3 Ways I Broke Into Your Business On A Physical Penetration Test
Physical penetration testing is an assessment of the physical security controls of an organization. Much like traditional network penetration testing, you are measuring the security of a system, and in this case, it happens to be in the physical world. The consulting...
How Often Should You Schedule a Penetration Test?
In today's world, massive data breaches and sophisticated malware litter news headlines. Unfortunately, it often feels as though it's more when your organization will fall victim, rather than if. Still, many organizations choose to only meet baseline compliance...
Security Teams Need to Think Like Pentesters
We conduct a wide variety of assessments for a wide range of clients. We provide assessment services for universities, health care companies, law firms, telecommunication providers, and many more. Some of our clients have mature infrastructures, while others are still...
Why Your Organization Needs a Physical Security Policy – At the Home Office
What is Physical Security? Physical security entails the management of organizational information protection in the workplace. This can include the security of your employees, computer systems, customer and client data, software, and much more. Our businesses rely on...
Network Printer Security Best Practices
I have experienced a common theme in internal network penetration testing: organizations rarely secure their printers. You may be asking yourself, “so what”? I’ve always been keen on this finding as it’s how I obtained domain administrator access on my first internal...
Sensitive Information Disclosure
Poking Around Have you ever been poking around a website, clicking links, or visiting different directories? If you have, you might have come across something interesting or even a webpage that didn't have a link pointing to it. If you did find sensitive information,...
Follina RCE Exploitation – CVE-2022-30190
Introduction It was reported on May 30th by Microsoft that the Microsoft Support Diagnostic Tool (MSDT) was being actively exploited to obtain RCE on systems. The vulnerability, which can be executed through malicious Office documents, can be used to access remote...
Should You Change Penetration Testing Vendors Each Year?
Learn more about the pros and cons of switching penetration testing vendors. There’s no one right answer, but we discuss the pros and cons of changing it up.
Top 4 Reasons Security Assessment Quotes are Different
Learn more about what factors cause pricing differences between similar security engagements to ensure you get exactly what you need.
Internal Persistence Techniques
Ensuring persistent access in a network is vital when conducting an internal penetration test. Learn about some of the most common tactics we use.
Penetration Testing – PCI Compliance – Auditing
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.