Jun 2025 – Present · 11 mos · Remote · Remote

• Offensive Development Lead and Senior Red Team Operator for NAVWAR Red Team.
• Developed and automated the creation of shellcode runners and initial access/phishing payloads using C, C#, Python, Powershell, and Cobalt Strike Aggressor.
• Modified and integrated public offensive security post-exploitation tooling to avoid detection during operations.
• Created a script to patch the Impacket libraries in order to avoid network-based signatures that rendered many popular tools like NetExec and Certipy unusable.
• Learned Terraform and used it to automate creation and management of red team infrastructure
• Created Gitlab CI/CD pipelines to automate compilation of red team tooling and the generation of release packages that operators can download and use. Integrated Python3's shiv module to produce .pyz releases for Python tooling that contain all required dependencies as well as pre-patched Impacket libraries when relevant.
• Performed several red team operations in enterprise environments. Identified and exploited misconfigurations and vulnerabilities in customer networks while integrating tooling and TTPs into team knowledge bases.

Jun 2024 – Jun 2025 · 1 yr · Remote

• Offensive Development Lead and Senior Red Team Operator for NAVWAR Red Team.
• Developed and automated the creation of shellcode runners and initial access/phishing payloads using C, C#, Python, Powershell, and Cobalt Strike Aggressor.
• Modified and integrated public offensive security post-exploitation tooling to avoid detection during operations.
• Created a script to patch the Impacket libraries in order to avoid network-based signatures that rendered many popular tools like NetExec and Certipy unusable.
• Learned Terraform and used it to automate creation and management of red team infrastructure
• Created Gitlab CI/CD pipelines to automate compilation of red team tooling and the generation of release packages that operators can download and use. Integrated Python3's shiv module to produce .pyz releases for Python tooling that contain all required dependencies as well as pre-patched Impacket libraries when relevant.
• Performed several red team operations in enterprise environments. Identified and exploited misconfigurations and vulnerabilities in customer networks while integrating tooling and TTPs into team knowledge bases.

Jun 2024 – Jun 2024 · 0 mo · Remote

• Learn how to write BOFs for Cobalt Strike and other C2s by following step-by-step instructions to create three operation-ready tools that can be added to your offensive arsenal. Course available here: https://training.zeropointsecurity.co.uk/courses/bof-dev-and-tradecraft

Nov 2023 – May 2024 · 6 mos · Remote · Remote

• Technical Internship at Red Siege Information Security. Major tasks included:
• Shadowed Red Siege testers on several assessments to include external and internal penetration tests as well as assumed breach scenarios.
• Wrote internal documentation detailing the tunneling of offensive security tools from a Windows attack platform through SOCKS proxies.
• Developed GraphStrike, a Cobalt Strike UDRL kit that enables Beacons to use Microsoft Graph API for HTTPS C2. Tool found here: https://github.com/RedSiege/GraphStrike
• Released a very detailed developer blog covering the design and production of GraphStrike. Blog found here: https://redsiege.com/blog/2024/01/graphstrike-developer/

Sep 2021 – Present · 4 yrs 8 mos · Remote

• Developed and released 15+ offensive security related tools on Github(https://github.com/Octoberfest7). Published research and documentation that has been quoted and referenced in several different offensive security blogs / projects. Major projects and research include:
• Teamsphisher - A python script that automated the delivery of Microsoft Teams messages and file attachments to users in different organizations while bypassing 'external user' warnings. See article from Bleeping Computer(https://www.bleepingcomputer.com/news/security/new-tool-exploits-microsoft-teams-bug-to-send-malware-to-users/).
• Inline-Execute-PE - A Cobalt Strike BOF kit that allowed users to run normal, unmanaged Windows executables within a Beacon without spawning a new process or dropping anything to disk.
• XLL_Phishing - A research blog with code samples demonstrating the weaponization of Microsoft Excel XLL files for phishing for access.
• MemFiles - A Cobalt Strike BOF kit that implements a rudimentary in-memory file system within a Beacon, allowing tools that are ran by Beacon to write their output into memory instead of to disk on target.
• DropSpawn_BOF - A Cobalt Strike BOF that is the culmination of research into novel or obscure DLL hijacking methods. Used to spawn additional beacons using an uncommon and evasive methodology.
• DNS_Tunneling - A research blog with code samples demonstrating a methodology for downloading files via dns requests in Powershell.

May 2018 – May 2024 · 6 yrs

• Served as a Technical Lead tasked with guiding and assisting junior Red Team operators in the successful execution of numerous assessments performed against United States Navy forces and assets. These operations provided training effects to Blue forces and prepared carrier strike groups to deploy around the world, capable of recognizing and responding to adversarial cyber threat actors.
• Participated in several purple team events in order to refine product security of the US Navy's implementation of Microsoft Azure cloud services.
• Served as an Advanced Capabilities Developer tasked with the research and development of proprietary tools for use in the execution of mission. Additionally vetted and modified open-source tooling for integration into and use by red team personnel.
• Designed several tools/capabilities in Powershell, C, and Python3. Developed and maintained several different shellcode runners/payloads that are undetected by industry-leading AV/EDR solutions.
• Grew to be the primary liason for techinical collaboration and exchange with other partner red teams across the DOD.