Jason Gillam

Jason Gillam is a Principal Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jason@secureideas.com

Cooking up Better Security Incident Communications

I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal descriptions, the excitement of receiving a package full of ingredients, the smells while learning how to make the recipe, and of course tasting that first bite of the new things you created with your own hands. I have not …

Cooking up Better Security Incident Communications Read More »

Equifax Breach: Why I am not surprised

The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans.  At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a web application vulnerability.  Despite the lack of details, we can make some educated guesses …

Equifax Breach: Why I am not surprised Read More »

Cloud-Base Host Discovery Is Easier Than You Think!

During a recent conversation at DerbyCon it occurred to me that some security folks who are just dipping their toes into AWS are struggling a lot with the idea that cloud (EC2) instances keep popping up spontaneously. Developers and their agile / devops / continuous deployment methodologies are creating a chaotic mess of the network that has …

Cloud-Base Host Discovery Is Easier Than You Think! Read More »

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH

Is your corporate wifi as secure as you think it is? A common configuration for WPA Enterprise wireless networks is to use a combination of PEAP (Protected EAP) and EAP-TTLS (Tunneled Transport Layer Security). Though this configuration solves several issues found in other configurations, it (sometimes) also has its own fatal flaw. If a client …

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH Read More »

five fingers

Five Outdated Security Excuses

The Security Industry as a whole has been known to criticize businesses large and small with respect to how they manage security.   Why does it so often seem like an after-thought?  How is it that today we still frequently find that security teams are understaffed (or not at all), that business decisions involving sensitive information are made without …

Five Outdated Security Excuses Read More »

Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and …

Introducing Burp Correlator! Read More »

Scroll to Top