Andy has been consulting in offensive security for over a decade, focusing on red teaming and simulated attacks with a side of threat intelligence and purple teaming. Leading engagements of varying sizes and lengths, helping grow teams and encouraging risk-driven understanding.
- ChunkyIngress - A tool for ingressing large blocks of text in limited environments
- DynamicMSBuilder
- CredMaster - I actively help with Credmaster, having written several modules and helped overhaul Credmaster 2.0.
- AzureAttackKit
- AutoHoneyPoC
- SandboxSpy
- BurpFeed
- PrintNightmare Detection Info
- SlinkyCat
- Offensive Sysadmin Suite
- HelpColor Aggressor Script - I try to keep Outflank's aggressor up to date with new cool BOFs and things :)
- Malleable-C2 - I actively contribute to Malleable C2 at each release, explaining the different options to help you make better C2 profiles within Cobalt Strike.
I post most of my research and other interesting tutorials on my blog
For those that don't know Andy, he is a firm believer in passing knowledge on and supporting the infosec community he does this by providing tutorials on his blog running his local DEF CON Chapter & has also published two books Breaking into Information Security and LTR102. He also helps out at DEF CON as a SOC Goon (Red Shirt) too each year (since DC25), assisting the SOC with operations and people flow.
- SecuriTay 2023. - Demonstrating Actionable Value, Why the Business Hates Pentesters
- Steelcon 2023. - Adversaries Have It Easy. Live FAFO Pwning A Network
- BSides Leeds 2023. - Pentests: The Jason Bourne Approach Turning Regular Biros Into Weapons
- SecuriTay 2020. - So You want to learn Red Teaming
- DC44141 April 2020. - So You Want To Learn Red Teaming
- TUDublin HackerSoc. Red Team Talk
- CRESTCon 2020. NijΕ«shiho - A Year Targeting Nippon
- BSides Leeds 2019. Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit
- Steelcon 2019. Hunting Sh*t Up - "Red Team" with a Bug Hunter's Mindset
- Steelcon 2019. PwnShop LollyPop - Workshop
- G3C Glasgow 2019. Sniffing Routes to Pwnage - An Introduction to Bloodhound
- Cyber Careers Summit 2019. Learning To Test Pens 101
- Leanpub.com. Leanpub Interview - LTR101
- BSides Leeds 2018. Hacker of All Trades: Master of None
- BSides Glasgow 2018. Internet of Death: Modern Murder
- Steelcon 2018. Breaking Into Information Security: Learning The Ropes 101
Andy has been in the IT security industry for just over 15 years, a decade of which has been dedicated to security and offensive operations. He previously held CRESTβs CCT Infrastructure certification, which is highly sought-after, and CHECK Team Leader status. In addition to his years in the industry, he holds several other certifications and accolades, including CRTO, OSCP, and OSWP.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent