My Profile Photo

Jason Lazerus


“Beware the quiet man. For while others speak, he watches. And while others act, he plans. And when they finally rest… he strikes.” - Anonymous


  1. Microsoft Flow - Alert Bot

    In this walkthrough, I’ll describe how I used Microsoft Flow to perform several security related tasks saving time for our security teams when responding to alerts. We’ll be re-using a lot of the items referenced in my previous post about Starting Tenable scans with a Code-Less Slack Bot. One notable difference in this flow is that we’ll be creating numerous empty variables up front. The reason for this is because we’ll be using a lot of Condition actions and you cannot initialize a new variable within a Condition. …


  2. Start a Tenable Scan with a Code-less Slack Bot

    I recently came across the need to quickly access some Tenable data from my mobile device, which if you’ve ever attempted it, know that it isn’t mobile browser friendly. So I thought to myself, sure, I could write a python script and run it in pythonista, but then I would still need to log onto a VPN before I ran it and I also want to make this usable for others. Then I remembered that I could use Microsoft Flow to help facilitate this and the great part is that it would require minimal to no code. …


  3. Multi-factor Authentication for All

    Multi-factor authentication is used repeatedly on a daily basis by most people who don’t even know that they are using it. The act of authentication is used to establish your identity to someone or something. Authentication is based upon three factors: something you know, something you have, and something you are. Using those three simple factors, the identity of an individual can be securely determined while preventing or reducing fraud. However, with technology that never stops advancing and businesses moving more and more towards paperless environments, identity theft and security vulnerabilities will always be a concern. In fact, identity theft and cyber-crime are expected to become more prevalent and poor economic performance is only projected to spur the trend. (Siciliano, 2010) As a result, authentication will have to continuously evolve to stay ahead of changing technology and security risks. …


  4. Getting Started with Lastpass

    Passwords are used every day in one way or another. You create passwords to protect the information you hold dear such as your home and work computer, e-mail, and bank account. But how much is your password protecting you? As an ethical hacker, I can tell you that I have cracked ten character passwords in just minutes. It’s very important for you to understand how to make a complex password and why it should be different for all of your accounts. …


  5. Password Cracking with Hashcat

    Weak passwords are a very easy way for a hacker to gain access to your systems. Passwords can be cracked very quickly these days with increased computer speeds and the use of GPUs for hash calculations. Recently, I’ve begun checking service accounts for weak passwords. Service accounts are generally used when an application requires authenticated access to systems without an interactive login (we hope). This brief tutorial assumes that you already have access to a Linux system. I’m writing it because when I first began password cracking, it took me a while to find the best and most efficient to do this. I performed these steps on Ubuntu 14.04 LTS. …


  6. Jason S. Lazerus

    Experienced VP, Manager of Infrastructure & Security with a demonstrated track record of leading engineering teams and implementing highly functional and secure operating environments. Skilled in developing and executing infrastructure and support strategies for the entire infrastructure stack, as well as collaborating with business unit and technology constituents to select and implement software and services. Proficient in managing technical professionals to develop and implement strategic solutions and leading complex projects with multiple resources across the organization. Adept at developing and executing remediation plans for regulatory, audit, and risk-based technology reviews and leading response efforts for significant system and application outages or issues. …