<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>Blake Grosskopf — Writing</title>
    <link>https://blakegrosskopf.com/writing/</link>
    <description>Independent offensive-security researcher. Cloud attack paths from public exposure to subscription control, SaaS auth reverse-engineering, and the defenses that stop them.</description>
    <language>en-us</language>
    <item>
      <title>The metadata endpoint depends on the compute type</title>
      <link>https://blakegrosskopf.com/writing/metadata-endpoint-depends-on-compute-type/</link>
      <guid>https://blakegrosskopf.com/writing/metadata-endpoint-depends-on-compute-type/</guid>
      <pubDate>Sat, 11 Jul 2026 00:00:00 GMT</pubDate>
      <description>An SSRF into an Azure Function returned an empty metadata response — not because the attack failed, but because Functions has no VM IMDS. A short lesson on matching the metadata endpoint to the compute you actually landed on.</description>
    </item>
    <item>
      <title>Your Okta tenant is sprayable by default — and MFA won't fix it</title>
      <link>https://blakegrosskopf.com/writing/okta-tenant-sprayable-by-default/</link>
      <guid>https://blakegrosskopf.com/writing/okta-tenant-sprayable-by-default/</guid>
      <pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate>
      <description>The Identity Engine sign-in surface validates passwords from the open internet by design. Here's what actually gates external spraying — and why turning on MFA isn't it.</description>
    </item>
  </channel>
</rss>