Whoami
A programmer turned hacker looking to share his cool hacks at conferences

  • Name: Jesson Soto Ventura
  • Handle: @almostjson
  • City: New York City
  • Job: Senior Security Consultant
  • E-mail: contact@sotoventura.com

Experience

2022 June
Speaker - Bsides Buffalo
Beyond HTTP: A Crash Course On Hacking IOT's Non-HTTP Attack Surfaces

Hacking smart IOT devices that have a web interface typically depends on the same skill set as web application hacking. Plenty of resources exist that cover web application hacking, and these resources largely map 1-to-1 to IOT devices. But what about IOT devices that lack a web interface: how do you hack those? How do you even get started? In this talk, we'll hack a couple of IOT devices (a smart grill and a light bulb); along the way, we'll learn the details of common non-HTTP attack surfaces and how to leverage them in your future hacks.

2021 October
Speaker - Thotcon 0XB
Abusing WebViews to steal all the files

Let's explore the world of Android WebViews through two popular applications: an Android email client and an advertising platform. Through these case studies, we will learn how insecure WebViews gave remote attackers and advertisers access to users' external storage.

2020 Jan
Speaker - Shmoocon Lightning Talks
Abusing WebViews to steal all the files

Let's explore the world of Android WebViews through two popular applications: an Android email client and an advertising platform. Through these case studies, we will learn how insecure WebViews gave remote attackers and advertisers access to users' external storage.

2020 - Present
Senior Security Consultant - Carve Systems
  • Led, planned, and organized multi-week, multi-person engagements assessing the security of complex multi-system projects requiring expertise in multiple areas, including:
    • Web Application Security
    • Mobile Application Security
    • Containerization Security
    • Network and API Security
    • Embedded Device Security
  • Established strong relationships with clients by clearly communicating the risks associated with various security issues and offering guidance on the risks and rewards of potential remediation plans.
  • Performed in-depth research (individually and as part of a team) on topics ranging from Android to IOT devices, resulting in multiple public speaking engagements showcasing the work and in multiple improvements to internal tooling and techniques.
  • Created a custom Android testing harness capable of dynamically fuzzing Android system services, resulting in an increase in vulnerabilities identified and significant productivity gains.
2018 - 2020
Security Consultant - Carve Systems
  • Assessed the security of APIs, containers, mobile applications, IOT devices, and web applications that leveraged a wide spectrum of technology stacks, including but not limited to:
    • Various Web Technologies (Node, Spring, Flask, ASP.NET, GQL, WebAuthn, and more)
    • Multiple Embedded Operating Systems (OpenWrt, Android IOT, and multiple custom Linux operating systems)
    • Mobile Operating Systems (iOS, Android)
    • Containerization Technologies (Docker, OpenShift, Kubernetes)
  • Thrived in a fast-paced environment dictated by ever-changing clients and technology stacks.
  • Developed domain expertise in client technologies to manually identify, exploit, and mitigate complex security vulnerabilities in client products.
  • Developed tooling to aid in the discovery and exploitation of security vulnerabilities.
  • Aided in the creation of security programs (Security Champions) at multiple medium to large organizations.


2018
Graduated - Berea College
  • Bachelor of Science, Computer Science, completed in 3 years with honors
2016 - 2018
Software Programmer - Berea College