Blake Grosskopf

About

Blake Grosskopf

Cloud & Identity Offensive Security Researcher.

I'm an independent offensive-security researcher working the seam where cloud and identity meet. My work has one throughline: I don't just run tools against someone else's target — I build the range myself, break it from an external attacker's position, and then write the defense that would have stopped me.

That plays out two ways. On the cloud side, I chain real Azure attack paths from anonymous public exposure to subscription-level control, and I've fought the platform constraints of doing that on a locked-down subscription. On the identity side, I reverse-engineer SaaS authentication flows from captured traffic into precise models of how they work — and make deliberate calls about what to publish and what to withhold.

Everything on this site is self-directed research on infrastructure I own or am authorized to test, framed dual-use: methodology, MITRE ATT&CK mapping, and hardening. The runnable offensive tooling stays private; the understanding and the defenses are what I share.

01Skills, and the evidence

CapabilityWhat it coversEvidenced by
Azure cloud penetration testing SSRF, IMDS, managed-identity abuse, storage & secret looting Vermillion Drift →
Infrastructure-as-Code (Terraform) Provisioning ranges + real-world deployment troubleshooting Vermillion Drift →
Auth-protocol reverse engineering OAuth 2.0 / OIDC / PKCE, Okta OIE / IDX sign-in flows Okta OIE Oracle →
Offensive tool development Python, stdlib-first, from captured traffic to working primitive Okta OIE Oracle →
ARM REST API fluency Operating clouds through az rest when the CLI breaks Vermillion Drift →
Dual-use / defensive translation MITRE ATT&CK mapping, detections, and tenant hardening both projects →

02Cert spine

  • AZ-900 Azure Fundamentals Held
  • SC-900 Security, Compliance & Identity Fundamentals Active
  • SC-500 Cloud & AI Security Engineer Active
  • CARTP Cloud Attack & Red Team Professional Target