I spend a lot of time thinking about the security of systems in offensive ways. I use this site to share thoughts that might aid others who are working on similar problems.

# Job Experience

- Red Team Specialist @ Google - **Present**
- Founder @ [Low Orbit Security](https://loworbitsecurity.com) - **Present**
- ~~Security Technical Lead @ /dev/null~~
- ~~Instructor & Course Author (Practical Phishing Assessments) @ TCM Security~~
- ~~Penetration Tester @ risk3sixty~~
- ~~Junior Client System Engineer~~
- ~~Cyber Security Researcher~~
- ~~IT Intern~~
- ~~Bookkeeper~~
- ~~Grocery store bagger~~

# Side Projects & Tooling

- [gubble](https://github.com/LowOrbitSecurity/gubble?ref=loworbitsecurity.com): An open source Go tool designed to audit Google Workspace group settings. It analyzes group membership settings to identify security risks.
- [USP](https://github.com/grahamhelton/USP): An open source Go tool to establish persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script).
- [MITRE ATT&CK Contributor](https://attack.mitre.org/techniques/T1546/017/): Event Triggered Execution: Udev Rules
- [Kubenomicon](https://kubenomicon.com): An open source, offensive-security-focused threat matrix for Kubernetes with an emphasis on walking through how to exploit each attack.
- [Dredge](https://github.com/grahamhelton/dredge): Dredge is a Linux command-line tool for finding and logging secrets on a filesystem for manual inspection.
- [IMDSpoof](https://github.com/grahamhelton/IMDSpoof): IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.
- [Practical Phishing Assessments Course Author](https://www.youtube.com/watch?v=QU55YGVyedk&list=PLULV3kUpOTddGJ1CJDlLrlMAEoZ0rl4Rc): Formerly sold on [TCM Academy](https://academy.tcm-sec.com/) but now released for free on YouTube :)
- [An Assessment of Obfuscated Ransomware](https://link.springer.com/chapter/10.1007/978-3-030-73100-7_56?error=cookies_not_supported&code=31d1cb50-4ab1-4a9c-b785-ebfd1f2ac642): Published research paper.

# Conference Talks

- [Breaching Kubernetes Clusters Workshop \[Bare Metal Edition\]](https://www.youtube.com/live/JMTMEEqaBKg?si=v80_eyF1n2HUSbv8&t=984) - Red Team Village/Overflow 2025
- Red Goes Purple: Executing The Attack Path (Not Recorded) - Red Team Village/DEFCON 2024
- [WTF is a Kubernete and How Do I attack It?](https://www.youtube.com/watch?v=gc2NExPp20Y) - Black Hills Information Security Webcast 2024
- Port 22 and You: A Match Made In Shell (Not Recorded) - Bsides Nashville 2024
- WTF is a Kubernete and How Do I Attack it? (Not Recorded) - HackSpaceCon 2024
- [An Investigation of Exploitation by the Certification Federation](https://www.youtube.com/watch?v=012u9aKkRS8&t) - Antisyphon Snake Oil Summit 2023
- [Human Memory Management: Techniques for actionable security research](https://grahamhelton.com/blog/atomicnotes/) - Bsides Atlanta 2023
- [A Tale Of Two Strands](https://www.youtube.com/watch?v=0tMiFF7cMS8) - Wild West Hackin' Fest 2022

# Certifications

- Kubernetes and Cloud Native Associate (KCNA)
- SANS - GIAC Machine Learning Engineer (GMLE)
- SANS - GIAC Cloud Security Automation (GCSA)
- SANS - GIAC Network Forensic Analyst (GNFA)
- SANS - GIAC Certified Project Manager (GCPM)
- SANS - GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SANS - GIAC Certified Enterprise Defender (GCED)
- SANS - GIAC Defensible Security Architect (GDSA)
- SANS - GIAC Certified Intrusion Analyst (GCIA)
- SANS - GIAC Python Coder (GPYC)
- SANS - GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- SANS - GIAC Certified Incident Handler (GCIH)
- SANS - GIAC Security Essentials (GSEC)
- eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
- eLearnSecurity Junior Penetration Tester (eJPT)
- CompTIA Security+
- CompTIA Linux+
- CompTIA Network+
- CompTIA A+
- CompTIA Project+

# Completed Training

- [Zero Point Security - Certified Red Team Operator](https://training.zeropointsecurity.co.uk/courses/red-team-ops) (CRTO) - 2024
- [Inguardians - Hacking and Hardening Kubernetes](https://www.blackhat.com/tr-24/training/schedule/index.html#abusing-and-protecting-kubernetes-linux-and-containers-38115) - 2024
- [SANS - Blockchain and Smart Contract Security](http://web.archive.org/web/20240215080949/https://www.sans.org/cyber-security-courses/blockchain-smart-contract-security/) - 2023
- [OffSec - Offensive Security Certified Professional](https://www.offsec.com/courses/pen-200/) (OSCP) - 2023
- [Antisyphon - Breaching The Cloud](https://www.antisyphontraining.com/on-demand-courses/breaching-the-cloud-w-beau-bullock/) - 2023
- [Antisyphon - Kubernetes Under Siege](https://www.antisyphontraining.com/event/professionally-evil-container-security-pecsec-kubernetes-under-siege-mastering-penetration-testing-techniques/) - 2023
- [Antisyphon - Active Defense & Cyber Deception](https://www.antisyphontraining.com/live-courses-catalog/active-defense-cyber-deception-w-john-strand/) - 2022

# Education

- Masters of Science in Information Security Engineering (SANS Technology Institute) - Current
- Bachelors of Science in Cybersecurity (University of North Georgia)