How I got my first CVE published - CVE-2024-39248
It first started with a little exploration of a CMS software titled SimpCMS 0.1, which had its last release in October 2010 on SourceForge.
Jason is a Cybersecurity Engineer and Dark Web Researcher who specializes in Offensive Security, Incident Response, and Open Source Intelligence for government and corporate cyber situations.
Jason is a cybersecurity professional specializing in Offensive Security, Incident Response, and Open Source Intelligence for both government and corporate environments. His work combines hands-on penetration testing depth, including web application exploitation, defensive security, and OSINT tradecraft, with academic research focusing on Dark Web operations and threat intelligence.
INE eLearnSecurity Junior Penetration Tester (eJPT)
INE eLearnSecurity Certified Professional Penetration Tester (eCPPT)
INE eLearnSecurity Web Application Penetration Tester (eWPT)
Explore the proficiencies that enable me to excel in cybersecurity and software development.
Experienced in conducting comprehensive cybersecurity assessments to identify and mitigate potential threats.
Skilled in gathering and analyzing data from various sources to identify emerging cybersecurity threats.
Proficient in assessing and enhancing the security of WordPress-based websites and applications.
Experienced in reviewing and optimizing security configurations for network devices, including Fortinet products.
Capable of assessing and improving security posture within Office 365 environments.
Experienced with EC2, Route 53, and AWS IAM services for cloud-based solutions.
Proficient in developing and securing applications using Linux, Apache, MySQL, and PHP.
Skilled in managing and securing Linux-based systems and environments.
Well-versed in implementing and maintaining strong cybersecurity measures across various platforms.
Learn comprehensive techniques for subdomain enumeration, covering both passive and active approaches for penetration testing scenarios.
FAQs
Common questions about my cybersecurity consultancy services, assessments, and technical expertise.
A VAPT engagement involves a comprehensive review of your network and applications to identify vulnerabilities. I simulate real-world attacks to evaluate your security posture and provide a detailed report with actionable remediation steps to fortify your defenses.
My OSINT methodology involves gathering and analyzing publicly available data to identify potential threat vectors, data leaks, and exposed assets. This intelligence helps organizations proactively defend against emerging threats before they can be exploited.
I conduct in-depth reviews of WordPress installations, examining plugins, themes, and core configurations. This includes vulnerability scanning, malware detection, enforcing the principle of least privilege, and implementing robust security headers to protect against common web exploits.
I audit your Office 365 tenant against industry best practices to prevent unauthorized access. This covers enforcing Multi-Factor Authentication (MFA), reviewing conditional access policies, analyzing mail flow rules for data exfiltration risks, and securing SharePoint/OneDrive permissions.
Yes, I assess AWS environments focusing on Identity and Access Management (IAM), EC2 hardening, VPC configurations, and S3 bucket security. I ensure your cloud infrastructure adheres to the AWS Well-Architected Framework and CIS benchmarks.
Absolutely. I specialize in Linux administration and securing the LAMP stack (Linux, Apache, MySQL, PHP). I implement strict firewall rules, disable unnecessary services, secure database configurations, and establish secure SSH access policies to minimize the attack surface.