Jason Lang

Team Lead, Targeted Operations

Experience

With over 10 years of industry experience, Jason Lang has worked in both offensive and defensive roles. Before switching to red teaming, he spent 8 years working as a technical Security Architect for a Fortune 500, specializing in Active Directory and .Net/database development.

Education & Certifications

Offensive Security Certified Professional (OSCP), CISSP

Professional Affiliations

Jason is a regular speaker at information security conferences such as DerbyCon and CypherCon, and has released multiple offensive and defensive open source tools.

Passion for Security

While Jason truly enjoys contributing to the infosec community through both public speaking and the development of new tools, his passion manifests itself in helping clients make changes to their systems (and people) in ways that truly improve their security posture. Oh, and shells, he loves getting shellz too. =)

Recent Blog Posts

An Update On Non-Aggressive Reporting

By Kelsey Segrue
In Penetration Testing, Security Testing & Analysis
Reporting is an essential piece of the penetration testing puzzle. It’s the product your client will be reviewing within their organization, representing you and your company to those you may not have worked with directly. With that in mind, it’s important that your product, the report, strikes a balance between professional tone and cold facts....
Read

Weaponizing Group Policy Objects Access

By Jason Lang
In Penetration Testing, Red Team Adversarial Attack Simulation, Security Testing & Analysis
Recently, I was on an engagement where I discovered I had plaintext credentials to an account that could modify Active Directory Group Policy Objects (GPOs). This proved to be a fun challenge, as Group Policy files and properties can be bent to our will even when hacking through a straw (SOCKS only, in this case)....
Read

The Updated Security Pro’s Guide to MDM, MAM, and BYOD

By Kelsey Segrue
In Application Security Assessment
Bring your own device (BYOD) is an accepted convention, most commonly for mobile devices, in corporate environments. Even company-owned devices are treated by employees as personal devices and are often incorporated into the environment in the same way that employee-owned devices are. Our job in information security is to ensure that the business initiatives like...
Read
View all posts from Jason

Recent Webinars

Are You Ready for a Red Team?!

Recorded on October 21st, 2020 Understanding the real-world effectiveness of your security controls is a crucial element in constructing a robust security posture.  Red Team engagements (or “Adversarial Attack Simulations” as they’re known at TrustedSec) are extended, goal-oriented engagements using...
Watch
View all webinars from Jason

Recent Podcasts

TrustedSec Security Podcasts

Opsec is Hard

January 21, 2021
Jason Lang

Want to work with Jason Lang or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us