TCM Security

SOC Analysts are critical to an organization’s ability to detect and respond to security incidents. Their effectiveness relies on understanding a wide array of evidence sources, from network traffic to system logs, disk images, and memory artifacts. Mastering these tools and techniques takes time, but the right experience is key. While each SOC may have its own tech stack, there are core tools that every SOC Analyst should be familiar with. In today’s edition of The Cyber Mentor Newsletter, we highlight these essential tools and methodologies. To gain hands-on experience with these tools, join our SOC Level 1 Live Training from January 21-24, 2025. Spaces are limited, so reserve your spot soon! https://lnkd.in/g9x5YK3W 

A penetration testing report is the key deliverable from an ethical hacker or penetration tester. But did you know these reports can vary greatly in format and detail? Some firms may provide just raw scan results, while others offer comprehensive reports that can exceed 100 pages—detailing everything from vulnerabilities to remediation advice. The right level of detail depends on your needs and the goals of the test. At TCM Security, we provide clear, actionable penetration testing reports to help organizations strengthen their security posture. Want to see an example? Download a sample penetration testing report from us today and get a closer look at how thorough, impactful, and valuable a detailed report can be. https://lnkd.in/gD-7iCyJ

Our popular “How to Be an Ethical Hacker” series is updated for 2025! Explore essential resources to master foundational skills like programming, networking, and Linux, plus dive into hacking basics and specialized topics like web app hacking and wireless hacking. This updated guide also highlights communities to join and creators to follow as you make progress in your security journey. Catch the video from Heath Adams for a detailed look and check out the comments for a link to the accompanying blog post! https://lnkd.in/g75dDMQ3

We wish you all a very Happy New Year. May your year be filled with laughter, learning, and loved ones! <3 The TCMS Family

If you’ve been job hunting in cybersecurity this year, you know how tough it can be. But remember— consistency is key! Success might not come immediately, but every application, networking effort, and even rejection is helping you grow. In this blog post, we break down how to approach your job search with conviction, patience, and a smart strategy. Here are a few highlights: 🔑 𝗚𝗲𝘁 𝗬𝗼𝘂𝗿 𝗠𝗶𝗻𝗱 𝗥𝗶𝗴𝗵𝘁 – Your mindset can make all the difference. Stay confident that every step forward, even the small ones, is progress toward your goal. 💡 𝗧𝗿𝗮𝗰𝗸 𝗬𝗼𝘂𝗿 𝗝𝗼𝗯 𝗦𝗲𝗮𝗿𝗰𝗵 𝗗𝗮𝘁𝗮 – Don’t just apply and hope for the best. Track what’s working, what’s not, and refine your strategy based on real data. The more you learn about what works, the easier it gets! 🤝 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝗶𝗻𝗴 𝗼𝗻 𝗬𝗼𝘂𝗿 𝗧𝗲𝗿𝗺𝘀 – Not everyone loves cold messaging strangers, and that’s okay! The key to successful networking is finding approaches that feel right for you. If you’re introverted, focus on building deeper, more personal connections rather than forcing yourself to be everywhere at once. Ready for more tips on how to make your job search more effective and less stressful? Check out the full blog post and get the insight you need to keep pushing forward! https://lnkd.in/geZakacK

Whether you’re an experienced Pen Tester, a Bug Bounty Hunter, or just starting out, mobile security opens up exciting new opportunities. Here’s a roadmap to help you build the skills you need: 1️⃣ 𝗦𝘁𝗮𝗿𝘁 𝘄𝗶𝘁𝗵 𝘁𝗵𝗲 𝗕𝗮𝘀𝗶𝗰𝘀: Get familiar with the OWASP Mobile Top 10 — a comprehensive resource for understanding vulnerabilities in both iOS and Android apps. 2️⃣ 𝗚𝗲𝘁 𝗛𝗮𝗻𝗱𝘀-𝗢𝗻: TryHackMe’s Mobile Malware Analysis room offers a fantastic interactive experience to sharpen your skills in analyzing Android malware. 👾 3️⃣ 𝗠𝗮𝘀𝘁𝗲𝗿 𝗶𝗢𝗦 𝗝𝗮𝗶𝗹𝗯𝗿𝗲𝗮𝗸𝗶𝗻𝗴: Dive into our iOS Jailbreak Guide for detailed insights into iOS exploitation. Essential reading for anyone serious about mobile security. 🔓 Want to take your skills to the next level? Consider the Practical Mobile Pentest Associate (PMPA) certification. This hands-on training is designed to help you master mobile app penetration testing and build real-world skills for mobile security. Start your mobile journey today! https://lnkd.in/gZh4iw7g

Where are we today? Give your OSINT skills a test and try to determine the location of today's challenge - the closest mountain will work!

Looking to stand out in today’s competitive job market? Our FREE course, Soft Skills for the Job Market, is designed to equip you with the essential skills to succeed. In Soft Skills for the Job Market, you’ll learn to: 💬 Communicate effectively and master professional etiquette in both phone and email conversations. ✍️ Write a resume that captures attention and highlights your strengths. 🔍 Navigate the job market with proven strategies for finding the right opportunities. 🤝 Prepare for interviews with expert advice on handling behavioral and technical questions. 🌐 Build a professional online presence through a personal website and strategic networking. Don’t miss out on this valuable free resource — take the next step toward landing your ideal cybersecurity job today! https://tcm.rocks/ss-li

We’re thrilled to announce that the Practical Network Penetration Tester (PNPT) is now featured in a Microsoft job posting! This is a major recognition and an exciting validation of the value and skills PNPT holders bring to the cybersecurity industry. 🙌 If you’re looking to level up your penetration testing skills and prove your real-world expertise, the PNPT is the cert you need! Learn more about the PNPT and how it can boost your career: https://lnkd.in/gsPWPnfX

Have you heard of Cookie Jar Overflows? This classic yet under-discussed technique allows attackers to remove cookies from a target user and replace them with their own. Combined with vulnerabilities like session fixation, it can have serious impacts, including account takeovers. In our latest video, we: ✅ Break down the theory behind cookie jar behavior and browser quirks. ✅ Explore how this attack manipulates session cookies. ✅ Demonstrate the technique in action with a lab. Browsers have cookie limits (e.g., ~160-165 cookies in Chrome/Firefox). By flooding the cookie jar, we can push out critical cookies (like session cookies) and set our own. If the app doesn’t validate properly, we’re in. This attack is especially potent when paired with XSS vulnerabilities. Beyond session fixation, this technique has other use cases, like cache poisoning with malicious cache keys and manipulating application state via cookie-stored flags. Have you had success with this technique? Share your stories in the comments! https://lnkd.in/gjjZC7XW