Jason Gillam

Jason Gillam is a Principal Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jgillam@secureideas.com

Equifax Breach: Why I am not surprised

The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans.  At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a web application vulnerability.  Despite the lack of details, we can make some educated guesses …

Equifax Breach: Why I am not surprised Read More »

Cloud-Base Host Discovery Is Easier Than You Think!

During a recent conversation at DerbyCon it occurred to me that some security folks who are just dipping their toes into AWS are struggling a lot with the idea that cloud (EC2) instances keep popping up spontaneously. Developers and their agile / devops / continuous deployment methodologies are creating a chaotic mess of the network that has …

Cloud-Base Host Discovery Is Easier Than You Think! Read More »

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH

Is your corporate wifi as secure as you think it is? A common configuration for WPA Enterprise wireless networks is to use a combination of PEAP (Protected EAP) and EAP-TTLS (Tunneled Transport Layer Security). Though this configuration solves several issues found in other configurations, it (sometimes) also has its own fatal flaw. If a client …

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH Read More »

five fingers

Five Outdated Security Excuses

The Security Industry as a whole has been known to criticize businesses large and small with respect to how they manage security.   Why does it so often seem like an after-thought?  How is it that today we still frequently find that security teams are understaffed (or not at all), that business decisions involving sensitive information are made without …

Five Outdated Security Excuses Read More »

Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and …

Introducing Burp Correlator! Read More »

Practical Pentest Advice from PCI

The PCI Security Standards Council released a Penetration Testing Guidance information supplement in March 2015.  This document, while geared towards the Payment Card Industry, provides a lot of valuable advice to the providers of penetration tests and their clients, regardless of industry.  At 40 pages in length the document might seem a bit heavy, so …

Practical Pentest Advice from PCI Read More »

Scroll to Top