Jason A Goss
Exsilium Security's founder Jason A Goss is a Red Team operator who performs continuous assessments of client networks utilizing Tactics, Techniques, and Procedures (TTPs) that emulate real-world adversaries to help mature the security posture of client networks and enhance their operational readiness. For the last 6 years Jason has been performing red teaming, penetration testing, and software security assessments.
Jason has 14 years of experience in the cybersecurity industry, where he has followed his passions and interests throughout his career. Jason has performed and led endeavors in programming, systems administration, penetration testing, software security, auditing, and even the less sexy cybersecurity management and policy development. He has an M.S. and B.S. in computer science along with a variety of certifications.
Services
Along with general cybersecurity consulting, Exsilium Security provides the following services.
Red Teaming: Exsilium Security emulates a potential adversary's attack or exploitation capabilities against an enterprise’s security posture. Our objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., Blue Team) in an operational environment.
Penetration Testing: Exsilium Security performs penetration testing using a methodology that includes reconnaissance, vulnerability analysis, and exploitation to identify security weaknesses and measure real business risk.
Software Security: Exsilium Security performs software security assessments on a wide variety of applications (e.g., desktop, web application) utilizing static code analysis (e.g., whitebox) and dynamic runtime analysis to identify security flaws and vulnerabilities.
Qualifications
In addition to Exsilium Security's 14 years of experience, a wide variety of industry-accepted certifications are held by our personnel:
- Offensive Security Certified Professional (OSCP)
- GIAC Certified Web Defender (GWEB)
- System Certifiers NSTISSI (4015 & 4011)
- GIAC Exploit Researcher & Adv Pen Tester (GXPN)
- GIAC Cloud Penetration Tester (GCPN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Secure Software Programmer - .NET (GSSP-.NET)
- GIAC Penetration Tester (GPEN)
- GIAC Certified Incident Handler (GCIH)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- NSA ISSE Graduate Certificate
- SANS Penetration Testing Graduate Certificate
Vulnerabilities discovered by our team:
- EXOS Privilege Escalation from Guest to Root (RCE) (CVE-2024-27453)
- Unauthenticated RCE in Active Directory Resource Administration Software (UNDISCLOSED)
- Unauthenticated RCE in Mammogram System (UNDISCLOSED)
Contact