Andy has been consulting in offensive security for over a decade, focusing on red teaming and simulated attacks with a side of threat intelligence and purple teaming. Leading engagements of varying sizes and lengths, helping grow teams and encouraging risk-driven understanding.
Creator of ZephrSec LMS and ZephrSec.
- pR1 - serverless URL shortener built on Cloudflare Workers
- LCA - Local Code Agent, a similar idea to Claude Code but for lmstudio usage locally instead, useful for tool development
- pyLDAPGui - Python based GUI LDAP browser app thing
- GoClipC2 - Clipboard for C2 on Windows
- ChunkyIngress - A tool for ingressing large blocks of text in limited environments
- DynamicMSBuilder
- RepoMan - Dynamic Git Commits using LLMs
- HelloJackHunter - Dynamic DLL Hijacking and Exports
- CredMaster - I actively help with Credmaster, having written several modules and helped overhaul Credmaster 2.0.
- AzureAttackKit
- AutoHoneyPoC
- SandboxSpy
- BurpFeed
- PrintNightmare Detection Info
- SlinkyCat
- Offensive Sysadmin Suite
- HelpColor Aggressor Script - I try to keep Outflank's aggressor up to date with new cool BOFs and things :)
- Malleable-C2 - I actively contribute to Malleable C2 at each release, explaining the different options to help you make better C2 profiles within Cobalt Strike.
- OmniProx - An IP rotation tool similar to how FireProx operates but for different providers
I post most of my research and other interesting tutorials on my blog; I also have a photos blog where I share pics I take; ZephrSnaps
I have written a course aimed at professionals wanting to learn more about red teaming, it focuses on red teaming from the perspective of not depending upon C2 and traditional malware but also teaches the background to red teaming that a lot of courses miss. https://lms.zsec.red
For those that don't know Andy, he is a firm believer in passing knowledge on and supporting the infosec community he does this by providing tutorials on his blog running his local DEF CON Chapter & has also published two books Breaking into Information Security and LTR102. He also helps out at DEF CON as a SOC Goon (Red Shirt) too each year (since DC24), assisting the SOC with operations and people flow.
All my talks can be found here: https://github.com/ZephrFish/talks
Andy has been in the IT security industry for just over 15 years, a decade of which has been dedicated to security and offensive operations. Currently holds CREST's Certified Red Team Specialist (CCRTS) and he has previously held CREST’s CCT Infrastructure certification, which is highly sought-after, and CHECK Team Leader status. In addition to his years in the industry, he holds several other certifications and accolades, including CCRTS, CRTO, OSCP, and OSWP.









