Ochaun Marshall – WindowsTechs.com

3 Reasons to Pentest with Brave

Posted on November 30, 2020 by Ochaun Marshall

Penetration testing is a race against the clock. Often, we only have a few days to examine all the functionality of a web application or an API. That is why we spend a lot of time refining and modifying our pentesting workflow to shave off any ineffici… Continue reading 3 Reasons to Pentest with Brave→

The OPSEC of Protesting

Posted on August 12, 2020 by Ochaun Marshall

For the past three months thousands of people have been protesting in the United States due to the deaths of George Floyd, Breonna Taylor, Tony McDade, and others. Many of the protesters are posting, recording, and streaming live while demonstrating. T… Continue reading The OPSEC of Protesting→

Using Components with Known Vulnerabilities

Posted on April 13, 2020 by Ochaun Marshall

When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, It is far more likely that the attacker exploited well-known vuln… Continue reading Using Components with Known Vulnerabilities→

Fiddling with Windows: Proxy tools for Win10

Posted on February 21, 2020 by Ochaun Marshall

If you have been following along with us, you know how to set up a Windows 10 Virtual Machine (VM) for web app pentesting. But now we have run into another problem. Let’s say that same client throws in a Windows 10 desktop app in scope. (You know… Continue reading Fiddling with Windows: Proxy tools for Win10→

In Case of Fire: Break Windows

Posted on January 14, 2020 by Ochaun Marshall

When a client calls us to pentest a web application that is only available in Internet Explorer. I cringe. I don’t know if it’s flashbacks from the countless hours spent getting a website compatible with IE, or the trauma from bad UX growin… Continue reading In Case of Fire: Break Windows→

IAM Access Analyzer Review

Posted on December 5, 2019 by Ochaun Marshall

TL;DR – This is a free tool that helps solve one of the biggest security problems when working in AWS. Turn it on. Turn it on now! Instructions are here. AWS misconfigurations are costly and difficult problems to solve. A lot of what goes w… Continue reading IAM Access Analyzer Review→

Taming the Jungle: Hardening your AWS infrastructure

Posted on May 28, 2019 by Ochaun Marshall

After nine tutorials, sixteen posts on stack overflow, and several hours or workweeks of effort you’ve finally done it. You’ve finally got something in Amazon Web Services (AWS) to work as expected. It could have been something as simple as… Continue reading Taming the Jungle: Hardening your AWS infrastructure→

Welcome to the New Secureideas.com

Posted on April 19, 2019 by Ochaun Marshall

We are excited to announce the launch of the new Secure Ideas website. It is located at the same url: https://www.secureideas.com. We hope you like our new look, designed to help you learn more about us and find the services that you need. Our performa… Continue reading Welcome to the New Secureideas.com→

Cave of Broken Mirrors: 3 Issues with AWS Cognito

Posted on February 1, 2019 by Ochaun Marshall

Secure Ideas is currently working on a revamp and redesign of our website and client portal, to promote a better user experience for our clients. Since a lot of our infrastructure is in AWS, we started to consider Cognito for authentication. On paper i… Continue reading Cave of Broken Mirrors: 3 Issues with AWS Cognito→

A Brief Introduction to MFA

Posted on October 1, 2018 by Ochaun Marshall

If you are reading this, then you are becoming a cybersecurity geek, or you already are one and you just can’t get enough. You wake up at four in the morning wondering if you should use 2048 or 4096 bit RSA Encryption for your SMS messages…. Continue reading A Brief Introduction to MFA→