Category: Security

Should You Change Penetration Testing Vendors Each Year? 

Clients often ask if they should keep the same penetration testing vendor each year or rotate. While we hate to part with our clients and pride ourselves on cultivating a partnership with them, we always adhere to giving unbiased advice.

Top 4 Reasons Security Assessment Quotes are Different 

We frequently hear from our clients about the disparity between pricing quotes from multiple vendors. Unfortunately, this often leaves clients lost as they aren’t sure what is a fair price for a quality engagement. It can

How Hackers Guess Your Passwords 

While performing external penetration testing, one of the primary ways to breach the perimeter and obtain internal network access is through password spraying login portals such as O365, VPNs, and employee-only sites. Password spraying works by trying one password against multiple users and relies heavily on password guessing from the attacker. Many of our clients

Top 5 Vulnerabilities We See on Web Apps

TCM Security regularly conducts web application penetration testing for clients of all shapes and sizes, and these applications are the online face of our enterprises. Being accessible across the Internet as a whole makes websites of any size a potential target, and the necessity of maintaining sound security practices is paramount. Today we will show

Should I Whitelist A Penetration Tester’s IP?

While working out the details with a client for an upcoming security assessment, whitelisting the penetration tester’s IP addresses always generates additional conversation. It may seem odd because you wouldn’t whitelist your adversaries to bypass a security control, so why would you do it during an attack simulation? Depending on your resources, needs, and what

Should I get a “Re-test” with my penetration assessment?

Something you’ve likely already encountered on your penetration testing service quotes is the inclusion or add-on of a re-test. Some organizations use this as a differentiator by including it with their quotes, and some offer it simply as an add-on. You should determine whether it’s right for your organization and if so, what

The “Medium Risk” Finding That’s Destroying Your Security Program

Many of our clients perform vulnerability scanning on a regular basis but find that they still don’t perform as well as they’d like on penetration tests. Well, today we’re going to discuss a finding that’s frequently found on networks, that many vulnerability scanners consider a Medium Risk, and that usually ends in objective achievement. We’re

The Dangers of LLMNR/NBT-NS

What is LLMNR/NBT-NS

LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are alternative methods of host identification that are triggered when DNS fails to resolve a name. In short, if a user were to attempt to connect to a host that DNS does not have stored, the next step would be to

Do I Need Permission to Test My Cloud Environment?

As organizations continue to move towards cloud computing technology and services, we get this question often. The good news is it’s become much clearer in recent times as both AWS and Microsoft Azure have relaxed their policies and posted easy-to-understand guidelines. In short, for the majority of your penetration testing needs are

Why You Should Be Using Password Filters

Attackers targeting login portals has become commonplace, so much so that many organizations don’t even bother reviewing logs due to the immense number of password spraying campaigns. Adversaries continue this attack path because it has proved successful. The good news is there are many options to assist an organization in defending against this onslaught. You’ve already
