TCM Security Courses
These completion certificates from TCM Security reflect the in-depth skills I’ve developed in offensive security. I’ve gained hands-on experience in areas such as web and mobile application exploitation, network penetration testing, API hacking, and vulnerability discovery.
Through real-world simulation labs, I’ve learned how to identify security gaps, execute attacks, and provide actionable remediation strategies. These certifications demonstrate my readiness to apply these offensive security techniques as a penetration tester, with a strong focus on practical skills to protect and secure systems. Additionally, these skills have been beneficial in contributing to my attempt at vulnerability disclosure programs (VDPs), reinforcing my capability to deliver effective solutions in real-world environments.
All Courses Completed
Mobile Penetration Testing: Techniques for testing Android and iOS applications.
Sensitive Data Extraction: Methods to extract API keys, stored secrets, and databases.
Lab Setup: Configuring environments for testing mobile apps.
Manual & Automated Analysis: Using tools like MobSF for in-depth analysis.
SSL Pinning Bypass: Techniques using Objection and Frida.
OWASP Top Ten for Mobile: Understanding key mobile security vulnerabilities.
Jailbreaking: Steps to jailbreak iOS devices for testing.

Web Application Mechanics: Understanding how web applications function and their components.
Advanced Attacks: Techniques for authentication attacks, broken access control, SSRF, advanced SQL and NoSQL injection, file inclusion, XXE, and XSS.
Payload Crafting: Developing custom payloads to exploit identified vulnerabilities.
Security Testing: Identifying weaknesses, attacking JSON Web Tokens, mass assignment, open redirects, and race conditions.

API Fundamentals: Understanding how APIs operate and their structures.
Endpoint Enumeration: Techniques to identify and list API endpoints.
Vulnerability Identification: Recognizing common security issues in API-driven applications.
Exploitation Skills: Performing successful attacks on vulnerable API endpoints.

Phishing Simulations: Setting up and managing simulations with tools like GoPhish and Evilginx.
Multi-Factor Authentication Bypass: Techniques for bypassing MFA and spoofing domains.
Advanced Phishing Methods: Implementing SMS phishing (smishing) and vishing strategies.
Setup and Configuration: Configuring AWS EC2 instances, domain, and email registration.
Reporting and Ethics: Emphasizing clean-up practices, event logging, and ethical considerations in cybersecurity.

Web Application Architecture: Understanding essential web technologies and OWASP Top 10.
Tools and Techniques: Mastering Burp Suite, distinguishing Bug Bounty Hunting from Penetration Testing, and applying advanced evasion techniques.
Vulnerability Exploitation: Techniques for exploiting vulnerabilities and bypassing Web Application Firewalls (WAF).
Ethical Reporting: Crafting comprehensive reports and practicing responsible disclosure.
Career Development: Building a career in Bug Bounty Hunting, including strategies for selecting programs and securing invites.

Program Fundamentals: Steps to understand problems and devise solutions.
Development Environment Setup: Setting up coding tools and environments.
Initial Coding: Writing and refining code with AI assistance.
Debugging Skills: Identifying and fixing bugs effectively.
Code Refinement: Enhancing code performance and readability.
Deployment: Managing code deployment and post-launch.

System Enumeration: Techniques for manual and tool-based enumeration of Linux systems.
Privilege Escalation Techniques: Methods including kernel exploits, password hunting, file permissions, and sudo attacks.
Advanced Techniques: Shell escaping, LD_PRELOAD, CVE-2019-14287, CVE-2019-18634, SUID attacks, and more.
Practical Experience: Hands-on skills from working with 11 vulnerable machines and a capstone challenge.

System Enumeration: Techniques for manual and tool-based enumeration of Windows systems.
Privilege Escalation Techniques: Methods including kernel exploits, password hunting, impersonation, and registry attacks.
Executable and Scheduled Tasks: Exploiting executable files, scheduled tasks, and startup applications.
DLL Hijacking and Service Permissions: Techniques for DLL hijacking and exploiting service permissions.
Windows Subsystem for Linux: Privilege escalation in Windows Subsystem for Linux.
Hands-On Experience: Practical skills from working with 13 vulnerable machines and a capstone challenge.

OSINT Overview: Understanding the basics of OSINT techniques.
Effective Notekeeping: Best practices for organizing OSINT findings.
Creating Sock Puppet Accounts: Techniques for creating and using fake identities.
Search Engine OSINT: Advanced search engine techniques for information gathering.
Image and Email OSINT: Methods for extracting data from images and email addresses.
Breached Data and People OSINT: Finding and analyzing breached data and information about individuals.
Phone Number and Username OSINT: Techniques for investigating phone numbers and usernames.
Website and Social Media OSINT: Gathering intelligence from websites and social media platforms.
Wireless Network OSINT: Identifying and analyzing wireless network information.
OSINT Tools and Automation: Using tools and automation for efficient OSINT.
Report Writing: Documenting and presenting OSINT findings effectively.

External Pentest Objectives: Understanding the goals and scope of external penetration tests.
Documents and Procedures: Key documents and procedures for conducting external pentests.
Scope Verification: Techniques for verifying scope and communicating with clients.
Attack Strategies: Effective strategies for external attacks.
Vulnerability Scanning: Methods for identifying vulnerabilities.
OSINT Techniques: Using OSINT for information gathering.
Attacking O365/OWA and Login Portals: Tactics for exploiting O365/OWA and login portals.
Bypassing MFA: Techniques for bypassing multi-factor authentication.
Report Writing: Crafting detailed and effective penetration test reports.
Pentest Findings: Identifying and addressing common pentest findings.
Client Interaction: Managing client debriefs, retests, and attestations.

Ethical Hacking Overview: Understanding the daily tasks and responsibilities of an ethical hacker, including assessment types and potential earnings.
Effective Notekeeping: Techniques for maintaining detailed and organized notes, essential for success in the field.
Networking Fundamentals: Refresher on networking concepts, including common ports, protocols, and network building.
Linux and Python Basics: Introduction to Linux and Python, including scripting for automation and tool development.
Hacking Methodology: Overview of the five stages of hacking, from reconnaissance to post-exploitation.
Reconnaissance and Scanning: Techniques for gathering information, performing scans, and identifying vulnerabilities.
Exploitation: Hands-on experience with Metasploit, manual exploitation, and attack strategies.
Active Directory Penetration: Building and exploiting Active Directory environments, learning tools like Mimikatz and BloodHound.
Post-Exploitation: Techniques for maintaining access, file transfer, and pivoting.
Web Application Testing: Penetration testing practices, including OWASP Top 10 vulnerabilities and tool automation.
Wireless Attacks: Performing attacks on WPA2 networks.
Legal and Reporting Skills: Understanding legal documentation, report writing, and career advice for penetration testers.
