Skip to Main Content

Jason Ashton

EXPERIENCE
Jason Ashton is a Practice Lead at TrustedSec. He routinely performs internal, external, and wireless penetration tests for a wide range of clients. As a Practice Lead, Jason developed and manages an internal training program focused on bringing new-to-security personnel into TrustedSec. Jason has also built custom devices for capturing and cloning access control credentials, as well as provisioning and field support for red team remote access and NAC bypass devices. He has worked in technology/IT for over 25 years, with a focus on InfoSec for the past decade. Jason’s extensive networking experience was developed over years of help desk support, sysadmin, and PC repair technician, to name a few. As a systems integration engineer, he was responsible for the design and successful implementation of diverse systems, often deployed to varying sizes of client networks.

EDUCATION & CERTIFICATIONS
Associate of Science, Electronic Engineering Technology, The University of Akron

INDUSTRY CONTRIBUTIONS
Volunteered at numerous local and national security conferences to include:

  • DerbyCon, ShmooCon, CircleCityCon, and BSides
  • DerbyCon organizer 2017-2019
  • Created and contributed to open-source tools/projects
  • Black Hat 2016: Red Team vs. Blue
  • BSidesCLE 2017: So You Wanna Be a Pentester
  • Black Hat 2018: Defense and Offense: Understanding Attackers Through Red Team Tactics
  • Black Hat 2019: A Practical Approach to Defense and Offense

PASSION FOR SECURITY
Jason’s passion for security originated with physical security systems, where his duties included engineering, deployment, and programming. While working at TrustedSec, Jason has provided additional perspective on these systems for their circumvention and ultimately better methods for secure installation. These interests carried over into Locksport, where he enjoys the challenge of lockpicking and physical lock bypass.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog December 05 2023

The SOCKS We Have at Home

IntroductionWhen performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our…

Read about this article
Blog November 28 2023

What is Hackvertor (and why should I care)?

1.1      What’s Hackvertor and why should I care?Years ago, Gareth Heyes created a Burp Suite (Burp) extension called Hackvertor. It’s an extension with a lot…

Read about this article
Blog November 16 2023

Clickjacking: Not Just for the Clicks

tl;dr versionYou can trick users into "typing" inputs in a clickjacking attack.YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvUPoC GitHub Repo:…

Read about this article
Blog November 14 2023

Book Review - The Definitive Guide to PCI DSS Version 4

As a PCI QSA, I have answered numerous questions about the new PC DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…

Read about this article
Blog November 07 2023

The Triforce of Initial Access

LootWhile Red Teamers love to discuss and almost poetically describe their C2 feature sets, EDR evasion capabilities, and fast weaponizing of N-day exploits,…

Read about this article
Blog November 02 2023

JS-Tap: Weaponizing JavaScript for Red Teams

How do you use malicious JavaScript to attack an application you know nothing about?Application penetration testers often create custom weaponized JavaScript…

Read about this article
Blog October 17 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionIn this third and final…

Read about this article
Blog October 12 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionThis is a continuation of A…

Read about this article
Blog October 11 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionIn this continuation to our first…

Read about this article
Blog October 10 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionIf you were to collectively ask any…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.