Jason has used his extensive experience to help clients solve a variety of security problems impacting their respective businesses. He helped a solution manufacturer raise their DoD STIG metrics to above 95% for all assessed products, including development of Python hardening scripts that protected federal assets. He coded a Python vulnerability management program that automatically provided remediation timeliness and metrics for closing security issues. In a client-authorized penetration test, he found a 0-day vulnerability (CVE-2016-2783) in a networking platform that was ethically disclosed to the vendor. He is the author of the "VoIP Hopper" network infrastructure pen testing tool, which is included in the popular Kali Linux distribution.
Jason has extensive experience distilling security issues and presenting them to target audiences, including C-Suite and board, and has been quoted in media outlets such as Network World and Wired Magazine. Jason has spoken at many high-profile security events such as DefCon and ShmooCon. He has been invited by federal agencies, SANS Institute (Pentest Summit) and Forrester Research to speak on application security. Jason holds several certifications, including Cisco CCIE #15239, AWS Certified Solution Architect Associate, GPEN, GCIH, GCFA, AWS Certified Security Specialty, and Azure Security Engineer Associate. He earned an M.S. in Information Security from James Madison University, and his B.A. from the University of Michigan.
Here is a presentation by Jason Ostrom:
The End of the PSTN As You Know It | DEF CON 20
ADDITIONAL CONTRIBUTIONS BY JASON OSTROM:
- Aria Cloud - A remote penetration testing Docker container, with a focus on including cloud penetration testing tools for Azure, AWS, and GCP.
- Purple Cloud - Deploys a small Active Directory domain in Azure IaaS, using Terraform + Ansible. Joins three Windows 10 endpoints to a domain and includes a Linux Adversary.
- VoIP Hopper - A network infrastructure penetration testing tool that tests the (in)security of VLANs and mimics the behavior of IP phones to automatically VLAN hop and demonstrate risks within IP telephony network infrastructures.
- Azure Velociraptor - Deploys the Velociraptor live response DFIR agent in Azure IaaS, using Terraform + Ansible. Deploys one Velociraptor server and one Windows 10 endpoint configured to register the Velociraptor agent to the server.
- HELK_Azure - Deploys Hunting ELK (HELK) hunting SIEM into Azure IaaS, using Terraform + Ansible. Deploys one HELK server and one Windows 10 endpoint. The endpoint is auto-configured to ship SwiftOnSecurity Sysmon logs via Winlogbeat using Kafka transport. Default support for Mordor.
- Hammer - A learning demo example of a vulnerable Ruby on Rails application found in the wild. It leaks cloud API keys through a vulnerable middleware component. Docker container support as well as build instructions.