I’m a Security Engineer at Palantir by day. The majority of my work time is spent securing Azure, AWS, Terraform, DevOps workflows, Windows and Active Directory.

Prior to my current role, I spent a lot of time working on Active Directory and Security at Microsoft in the Asia Pacific region and I was awarded the Microsoft Certified Master (MCM) credential for Active Directory during that period. I later moved into the Windows Kernel Engineering team in Redmond and worked on Windows 8 and 10.

I fought my way through the Offensive Security OSCE (& the OSCP, OSWP and GXPN) and take every chance I can to do Offensive Security work. I only mention the certifications because while I love my day job, I am passionate about exploit development and both Offensive Security and SAN’s have excellent courses and exams to test yourself in that space. I’m also part of the Synack Red Team where I get a chance to look for vulnerabilities in systems on an ad-hoc basis.

This website is a small effort to contribute to the broader security community. I try to add notes when something comes up that seems interesting and/or potentially useful to others.

If you work for a charity or non-profit organization that helps people and you could use some security (or infrastructure) advice please get in touch. I’d be genuinely happy to assist where I can. I love this stuff 😊


Chad Duffey

Blue Team -> Exploit Development & things in-between

Back to Overview