About
Blake Grosskopf
Cloud & Identity Offensive Security Researcher.
I'm an independent offensive-security researcher working the seam where cloud and identity meet. My work has one throughline: I don't just run tools against someone else's target — I build the range myself, break it from an external attacker's position, and then write the defense that would have stopped me.
That plays out two ways. On the cloud side, I chain real Azure attack paths from anonymous public exposure to subscription-level control, and I've fought the platform constraints of doing that on a locked-down subscription. On the identity side, I reverse-engineer SaaS authentication flows from captured traffic into precise models of how they work — and make deliberate calls about what to publish and what to withhold.
Everything on this site is self-directed research on infrastructure I own or am authorized to test, framed dual-use: methodology, MITRE ATT&CK mapping, and hardening. The runnable offensive tooling stays private; the understanding and the defenses are what I share.
01Skills, and the evidence
| Capability | What it covers | Evidenced by |
|---|---|---|
| Azure cloud penetration testing | SSRF, IMDS, managed-identity abuse, storage & secret looting | Vermillion Drift → |
| Infrastructure-as-Code (Terraform) | Provisioning ranges + real-world deployment troubleshooting | Vermillion Drift → |
| Auth-protocol reverse engineering | OAuth 2.0 / OIDC / PKCE, Okta OIE / IDX sign-in flows | Okta OIE Oracle → |
| Offensive tool development | Python, stdlib-first, from captured traffic to working primitive | Okta OIE Oracle → |
| ARM REST API fluency | Operating clouds through az rest when the CLI breaks | Vermillion Drift → |
| Dual-use / defensive translation | MITRE ATT&CK mapping, detections, and tenant hardening | both projects → |
02Cert spine
- AZ-900 Azure Fundamentals Held
- SC-900 Security, Compliance & Identity Fundamentals Active
- SC-500 Cloud & AI Security Engineer Active
- CARTP Cloud Attack & Red Team Professional Target