A penetration test emulates the real-world threats and attack vectors you are likely to encounter. The goal of a penetration test is to identify the weaknesses and demonstrate the impact before an attacker does. TCM Security provides client-tailored and compliance-tailored testing packages, including GDPR, SOX, HIPAA, NIST, PCI-DSS, and the CIS Top 20.
External Penetration Testing
An engineer acts like an attacker hacking in from the outside with an end goal of breaking into your network from the perimeter. TCM Security follows a detailed methodology, including performing reconnaissance, full TCP and UDP port scanning and enumeration, exploitation, credential stuffing and password spraying attacks, and more.
Internal Penetration Testing
An engineer emulates an attacker hacking from inside the network with an end goal of gaining access to sensitive accounts, documents, and obtaining domain admin credentials. Common attacks scenarios include LLMNR/NBT-NS poisoning, SMB relay, kerberoasting, pass-the-hash, pass-the-password, golden and silver ticket attacks, and more.
Web Application Testing
Web application testing measures the security posture of your website and/or custom developed application. TCM Security performs full unauthenticated and authenticated testing based on strict OWASP guidelines. Our engineers focus on identifying weak points across the entire web application to ensure your applications and data stay safe.
Not all companies require a penetration test to successfully evaluate their security posture. Regular vulnerability scans are often an alternative. An engineer performs vulnerability scanning to search systems for known vulnerabilities without exploitation attempts with an end goal of providing a remediation report prioritized on risk.
Wireless Penetration Testing
Wireless testing is the evaluation of your wireless posture. Nearly every business provides wireless access for their employees. Some go as far as allowing guests on the network. Our engineers evaluate WPA password strength, perform evil twin attacks, conduct WPA-Enterprise bypassing attacks, and evaluate network visibility and segmentation.
Humans are often the weakest link in an organization. Our engineers are capable of performing detailed phishing, vishing, whaling, and other advanced social engineering attacks with an end goal of evaluating your company’s social engineering posture as well as gaining access to requested sensitive data, information, PII, and more as determined by the customer.
Physical Penetration Testing
Physical penetration tests evaluate a company’s physical security posture. Our engineers will attempt to gain physical access to sensitive locations such as data centers, server rooms, and network closets through all means possible. Our toolkit includes, but is not limited to: drone reconnaissance, lockpicking, social engineering, sensor bypassing, and RFID/badge cloning.
SOC / Purple Team Testing
Often, the best way to improve the “blue” team is to work hand-in-hand with the “red” team. This turns into a “purple” teaming engagement, where the red team runs common attack scenarios, such as malware uploads, file extractions, network attacks, and much more with the goal of improving blue team baselining and detection capabilities.
Red Team Simulations
Penetration testing is often considered knocking at the front door. It is loud, often detected, and is known when testing is being performed. When your company is up against an Advanced Persistent Threat (APT), the likelihood of knowing their presence is very low. Our engineers will emulate an APT and attempt to exfiltrate sensitive data without anyone noticing.
Contact Us Today
Let us know how we can help you secure your environment.
Know someone who might be interested? We offer generous referral bonuses!