Jason Ostrom

Leaking Secrets in Web Applications

Information disclosure is a type of vulnerability in which a system inadvertently exposes confidential information. This post walks through an example of this flaw by looking at how environment variables can be misunderstood and misused in web applications. This post…

Build, Hack, and Defend Azure Identity

Overview: Attacking Identity Systems is an attack vector growing in visibility. Look no further than the Golden SAML tactic [1] used in the SolarWinds campaign. We are seeing an explosion of Cyber Security tools [2, 3], techniques [4, 5], and…

Tools

Cloud Edge
Summary: A reconnaissance tool for cloud provider attribution.
Website: Github Code

PurpleCloud
Summary: A terraform lab generator for different Azure labs.
Website: Github Docs

BlueCloud
Summary: A set of terraform templates for building AWS simulation labs for adversary…

Presentations

SANS Pen Test Hackfest 2022: Purple Teaming Cloud Identity: Simulation Labs for Red and Blue teams
Links: Slides (PDF) | Slideshare | Video

BSides DFW 2022: Purple Teaming Cloud Identity: Simulation Labs for Red and Blue teams
Links: Slides (PDF)…