Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
So You Want to Be a Hacker: 2022 Edition
Video Version: https://youtu.be/lhz0-qAQlBM. Introduction: Last year, I posted a blog (https://tcm-sec.com/so-you-want-to-be-a-hacker-2021-edition/) and video (https://www.youtube.com/watch?v=mdsChhW056A) on how to become an ethical hacker in 2021. Given that it...
Top 5 Vulnerabilities We See on Web Apps
TCM Security conducts web application penetration testing. In this article, we review the top five most common findings we see in client web applications.
Bypassing Defender the Easy Way – Fodhelper
If you’ve ever tried to run a command prompt as administrator on your Windows OS before, you’ve seen a harmless popup appear. This is Windows User Account Control, or UAC. According to Microsoft, UAC “is a fundamental component of Microsoft’s overall security vision....
Pentest Tales #002: Digging Deep
Welcome to the second edition of Pentest Tales, a blog series that walks through real-world pentests we’ve performed in the past.
SMB Relay Attacks – Gift That Keeps on Giving
Trendy vulnerabilities like PrintNightmare and attacking Active Directory Certificate Services may seem incredible currently (and they are), but they end up being manually patched out and dealt with over time. Systems administrators will consider their risk and...
Kerberoasting Domain Accounts
The Gift That Keeps on Giving: Few vulnerabilities in the Windows Active Directory environment have had the long-lasting impact that Service Principal Names (SPN) have. Domain-connected services, such as MSSQL servers, web servers, and more, may be connected and issued...
ASREP Roasting & Pre-Authentication in AD Environments
Any Systems Administrator knows that the task of securing an Active Directory environment is a never-ending task. Since the first Windows AD was released with Server 2000, Microsoft has added countless features. Many of these features are created with connectivity in...
Boost Your Security Program for WFH Employees
With communities beginning to open back up, companies are considering the decision to stay remote. And this comes with good reasons. The cost of leasing space might be prohibitive and downsizing to host only necessary business functions could help with expenses....
Should I Whitelist A Penetration Tester’s IP?
While working out the details with a client for an upcoming security assessment, whitelisting the penetration testers' IP addresses always generates additional conversation. It may seem odd because you wouldn’t whitelist your adversaries to bypass a security control,...
Should I Get a “Re-test” With My Penetration Assessment?
Should you get a re-test of your penetration test to determine if the findings were properly remediated? The answer depends on your business. Find out more.