Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
What is CORS (Cross-Origin Resource Sharing) and Why You Should Care About It
CORS is a security feature that prevents unauthorized access to web resources. This article looks at CORS and then how CORS attacks work.
Penetration Testing – From Adversary to Partner
While penetration testing can be considered “adversarial” testing, it should be anything but that. Your penetration test, no matter who you do it with, should be a partnership. In every partnership, communication is key. Settling for a pentest company that merely...
The Science of Learning for Hackers
The science behind learning is a fascinating field that’s constantly evolving. There is no single, definitive answer to what the most effective learning technique is, and if there was, it would likely vary from person to person. However, there are a number of...
Getting Started with Offensive JavaScript
JavaScript is a bit like Marmite, you either love it or hate it. Regardless of how it makes us feel, it is a powerful tool for attacking users and exploitation. Often, popping alert(1) is proof enough to get a fix but doesn’t demonstrate the full impact an attacker...
The Fundamentals of HTTP for Hackers
Hypertext Transfer Protocol (HTTP) is an application layer protocol. On the surface, HTTP can appear quite simple, but there are a lot of quirks considering its use across inconsistent browsers and servers. Breaking down an HTTP request: For each request, we generally...
Security Testing Requirements for PCI-DSS
Organizations handling credit card data must adhere to the Payment Card Industry Data Security Standard (PCI DSS). Understanding the specifications and what an organization must do specifically to comply with the standard might be challenging. This article...
Technical Notes and Documentation
Understand the key differences between penetration testing and Red Team engagements to ensure that you choose the right course of action for your organization.
Things to Try When your Reverse Shell Fails
Target enumerated, check. Vulnerability identified, check. Tested payload delivery, check. RCE verified, check. Reverse shell... nope. Today we are going to look at some practical ways to troubleshoot your reverse shell. Some of these points come from logical thinking,...
Top Pentest Findings in 2022 from a First Year Pentester
The year 2022 has wrapped up and I find it helpful to share some of the most common findings I have encountered throughout the year. Some of these may not be surprising as they are covered in almost every cybersecurity awareness training course there is. However, it...
So You Want to Be a Hacker: 2023 Edition
The past two years, we've posted blogs on how to become an ethical hacker. Given that these blogs have been well received, we have brought back yet another edition. So, without further ado, let's chat about how you can break into the field...