by TCMS Staff | Mar 30, 2022 | Penetration Testing
Clients often ask if they should keep the same penetration testing vendor each year or rotate. While we hate to have our clients depart and pride ourselves in cultivating a partnership with them, we always adhere to giving unbiased advice. Unfortunately, it’s...
by Heath Adams | Mar 14, 2022 | Penetration Testing
The majority of our internal penetration tests are at least a week long. While we generally have a drop box sent to the client to enable our access to the network, we have to consider efficiency as well. Ensuring persistent access in a network is vital to that...
by Heath Adams | Aug 13, 2021 | Penetration Testing
Welcome to the second edition of Pentest Tales, a blog series that walks through real-world pentests we’ve performed in the past. The purpose of this blog is not just to share the “owning” of a domain, but to provide education as to why a domain was...
by Heath Adams | Aug 3, 2021 | Exploit Development, Penetration Testing
Trendy vulnerabilities like PrinterNightmare and attacking Active Directory Certificate Services may seem incredible currently (and they are), but they end up being manually patched out and dealt with over time. Systems administrators will consider their risk and...
by Heath Adams | Jul 13, 2021 | Active Directory, Penetration Testing
Any Systems Administrator knows that the task of securing an Active Directory environment is a never-ending task. Since the first Windows AD was released with Server 2000, Microsoft has added countless features. Many of these features are created with connectivity in...
by Heath Adams | May 25, 2021 | Penetration Testing
While working out the details with a client for an upcoming security assessment, whitelisting the penetration testers IP addresses always generates additional conversation. It may seem odd because you wouldn’t whitelist your adversaries to bypass a security control,...
