Monthly Archives: March 2013

Who are We: James Jardine

To continue on with the series of “who we are” here at Secure Ideas, here is the second profile post.

Please feel free to reach out to each of us with any comments or questions you may have!

Who am I:

James Jardine, Principal Security Consultant at Secure Ideas.

What do I do at Secure Ideas:

I get to do a little bit, scratch that, a lot of everything at Secure Ideas.   Most of my time is spent performing consulting work for our many clients.  In addition, I spend a lot of time helping define and improve internal processes for Secure Ideas.   I enjoy creating blog posts, videos, and most recently, the Professionally Evil Perspective podcast. 

What is my security background in a nutshell:

I come from a development background, which I think helps in my security consulting experience.  I first got my taste of security back in 2001 when a client I was contracting for needed someone to look into a possible network breach.  From that point, I started focusing more on application security in my development roles.  I really enjoy the challenge of security and am always looking to learn more.  About two years ago I became an instructor for SANS teaching their Dev544: Secure Coding in .Net course. 

What is my favorite attack:

While I enjoy a wide range of the attacks I get to perform, my favorite is the phishing attacks, or social engineering.  I really enjoy the challenge of trying to craft an exploit that I am going to then use to target another user to see if I can gain the advantage.  Every user is different and the back story and technique used can vary a lot. These types of attacks allow for the most freedom and can be really fun.

What am I learning about now:

I am really trying to dig into MVC development.  It is a very popular programming paradigm and I am trying to do much more with it.  I am also learning a lot about SEO which is quite interesting.

Reaching me:

There are a ton of ways to reach me directly:


GSA Database May Have Leaked Information: Kevin Johnson was Interviewed

Recently it was announced that there was a security flaw found in one of the GSA systems that could have allowed for vendors to see other vendor information.  The original article, which you can read in its entirety, can be found at GSA Database May Have Leaked Contractor Banking and Proprietary Information.  Kevin Johnson, CEO,… Continue Reading

Mobile Security: Upcoming Events

Mobile security is a very hot topic and there are some pretty cool events just around the corner.  If you are looking for great information, check these events out. No, this is not an April Fools joke. James Jardine and Kevin Johnson will be doing a webcast on April 1st “Ask the Expert Webcast: Mobile… Continue Reading

Tactical Security Ops at Black Hat 2013

Kevin Johnson and John Strand recently gave a presentation at RSA 2013 titled “Tactical Sec Ops: A Guide to Precision Security Operations.”  Not surprisingly, this has been something that we’ve been talking quite a bit about internally.  So much so that Secure Ideas will be teaching Tactical Security Ops at Black Hat USA.  We initially… Continue Reading

Who are We: Kevin Johnson

So here at Secure Ideas we have decided to do a small series of posts.  The purpose of these posts is to provide a quick introduction to each of the consultants on staff.  It's kind of a fun and quick post. Please feel free to reach out to each of us with any comments or… Continue Reading

Looking for Malicious PHP Files

A while back I had to deal with a compromised web server for some folks.  They had some WordPress sites with a vulnerable plugin and found that attackers were putting up malicious web pages for other victims to view.  The owners of the sites were understandably upset. The malicious file names didn’t follow much of… Continue Reading

Admin Consoles, Default Creds, and Sweet Pwnage

When performing internal network penetration tests, one thing that really gets us excited is finding administrative consoles.  Tomcat and PHPMyAdmin are two of the most common that I’ve found from my experience.  The reason we get excited is that many of these consoles have never had the default credentials changed.  Why?  Because they’re on the… Continue Reading

Ninja Developers Webcast Trilogy Overview

Over the past three months, James Jardine and Kevin Johnson were featured in a webcast trilogy titled “Ninja Developers.”  The series was presented through the SANS Institute and an archive of each episode can be found on the SANS website (links provided below).  The purpose of the presentations is to reach out to developers and… Continue Reading