Andy has been consulting in offensive security for over a decade, focusing on red teaming and simulated attacks with a side of threat intelligence and purple teaming. Leading engagements of varying sizes and lengths, helping grow teams and encouraging risk-driven understanding.

• ChunkyIngress - A tool for ingressing large blocks of text in limited environments
• DynamicMSBuilder
• CredMaster - I actively help with Credmaster, having written several modules and helped overhaul Credmaster 2.0.
• AzureAttackKit
• AutoHoneyPoC
• SandboxSpy
• BurpFeed
• PrintNightmare Detection Info
• SlinkyCat
• Offensive Sysadmin Suite
• HelpColor Aggressor Script - I try to keep Outflank's aggressor up to date with new cool BOFs and things :)
• Malleable-C2 - I actively contribute to Malleable C2 at each release, explaining the different options to help you make better C2 profiles within Cobalt Strike.

I post most of my research and other interesting tutorials on my blog

For those that don't know Andy, he is a firm believer in passing knowledge on and supporting the infosec community he does this by providing tutorials on his blog running his local DEF CON Chapter & has also published two books Breaking into Information Security and LTR102. He also helps out at DEF CON as a SOC Goon (Red Shirt) too each year (since DC25), assisting the SOC with operations and people flow.

• SecuriTay 2024. - Measure Twice, Cut Once - The Importance of Lab-ing out Attack Paths - Recording

• SecuriTay 2023. - Demonstrating Actionable Value, Why the Business Hates Pentesters
• Steelcon 2023. - Adversaries Have It Easy. Live FAFO Pwning A Network
• BSides Leeds 2023. - Pentests: The Jason Bourne Approach Turning Regular Biros Into Weapons

• SecuriTay X 2022. - Accidental Insider Threats - HoneyPoC Part 2

• BSides London 2021. - F*** Around & Get Found Out - Disinformation as a Service

• SecuriTay 2020. - So You want to learn Red Teaming
• DC44141 April 2020. - So You Want To Learn Red Teaming
• TUDublin HackerSoc. Red Team Talk
• CRESTCon 2020. Nijūshiho - A Year Targeting Nippon

• BSides Leeds 2019. Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit
• Steelcon 2019. Hunting Sh*t Up - "Red Team" with a Bug Hunter's Mindset
• Steelcon 2019. PwnShop LollyPop - Workshop
• G3C Glasgow 2019. Sniffing Routes to Pwnage - An Introduction to Bloodhound
• Cyber Careers Summit 2019. Learning To Test Pens 101

• Leanpub.com. Leanpub Interview - LTR101
• BSides Leeds 2018. Hacker of All Trades: Master of None
• BSides Glasgow 2018. Internet of Death: Modern Murder
• Steelcon 2018. Breaking Into Information Security: Learning The Ropes 101

• BugCrowd
• HackerOne

Andy has been in the IT security industry for just over 15 years, a decade of which has been dedicated to security and offensive operations. He previously held CREST’s CCT Infrastructure certification, which is highly sought-after, and CHECK Team Leader status. In addition to his years in the industry, he holds several other certifications and accolades, including CRTO, OSCP, and OSWP.