Blake Grosskopf

Blake Grosskopf · Cloud & Identity Offensive Security Researcher

I build and break cloud identity systems — then document both sides.

I build and break cloud identity systems end-to-end — reverse-engineering SaaS auth flows into custom tooling, and chaining real cloud attack paths from public exposure to subscription-level control — then document both the offense and the defense.

Operation Vermillion Drift · AzureGoat public URL → resource-group Contributor
  1. 01 Public blob recon T1526
  2. 02 App source disclosure T1530
  3. 03 Hardcoded secrets T1552.001
  4. 04 Forged admin JWT HS256
  5. 05 SSRF → file:// T1190
  6. 06 Storage key + SSH keys T1552.004
  7. 07 VM managed identity T1078.004
  8. 08 RG Contributor Impact
Walk the full chain

Approach

How I work

  1. Build

    I stand up the range myself — Terraform, real cloud, real constraints — so the attack path is genuine, not a screenshot.

  2. Break

    External-attacker lens, end to end: public exposure → tokens → secrets → subscription-level control. Evidence, not adjectives.

  3. Document

    Every finding maps to MITRE ATT&CK and ships with the defense — the control, the detection, the one change that breaks the chain.

03Cert spine

  • AZ-900 Azure Fundamentals Held
  • SC-900 Security, Compliance & Identity Fundamentals Active
  • SC-500 Cloud & AI Security Engineer Active
  • CARTP Cloud Attack & Red Team Professional Target

Hiring for cloud pentest, red team, or identity security?

I'm open to roles and collaboration. The fastest way to gauge fit is to read a case study — then say hello.