I’m a Principal Infrastructure Security Engineer at Palantir. The majority of my work day is spent on things like securing Azure, AWS, Terraform, DevOps workflows, Windows Security and Active Directory.

Prior to Palantir, I spent many years working on Active Directory and Security at Microsoft and was awarded the Microsoft Certified Master (MCM) credential for Active Directory along the way. I later moved into the Windows Kernel Engineering team and worked on Windows 8 and 10.

I fought my way through the Offensive Security OSCE (& OSCP, OSWP and GXPN) and take every chance I can to do Offensive Security work. I only mention the certifications because while I love my day job, I am passionate about exploit development and both Offensive Security and SAN’s have excellent courses and exams to test yourself in that space. I’m also part of the Synack Red Team where I get a chance to look for vulnerabilities in systems on an ad-hoc basis.

This website is a small effort to contribute to the broader security community. I try to add notes when something comes up that seems interesting and/or potentially useful to others.

If you work for a charity or non-profit that helps people or animals and could use some advice please get in touch. I’d be genuinely happy to assist where I can. I love this stuff 😊


Chad Duffey

Blue Team -> Exploit Development & things in-between

Back to Overview