
Tim McGuffin
9.8K posts

Tim McGuffin
@NotMedic
Back to Red Teaming. Risk Hunter. DEFCON Staff & CFP Board. MS in DF. Fmr Fire/EMS. Red and Blue. Builder. Morally Flexible. https://t.co/zakkIXeyHu @ bluesky
Katılım Şubat 2011
1.7K Takip Edilen5.8K Takipçiler

@cheeseanddope @HackingLZ He’s gotta earn it or we’ll know he’s a poser. YOLO Ride that Bronco.
English
Tim McGuffin retweetledi

I co-founded pfSense. For the last year I've been building its successor.
If you run pfSense today, you already know the reasons to look around: development you can't influence, a CE edition that feels like an afterthought, FreeBSD driver roulette on modern hardware, and a config workflow where one bad apply on a remote box means a drive.
nfSensei is my answer. Built from scratch in Rust, on Linux, and designed around the things pfSense users actually complain about.
Your config.xml imports. There's an importer that reads your pfSense config, shows you exactly what maps over and what needs attention, then applies it. You don't start from zero.
You can't brick it from the couch. Changes stage as a candidate, diff before apply, validate through the real engines before anything is written, and auto-roll-back if you don't confirm in time. If a config ever fails at boot, the box falls back to the last good one on its own.
The hardware works. Linux base means modern NICs and drivers just work — and the fast path compiles your rules to XDP at 40Gbps.
Automation is native, not scraped. Everything the UI does is a documented API call — about 1,140 of them, with a built-in explorer. Your Ansible finally gets a real interface.
The VPNs are current. WireGuard, IPsec, Tailscale, and self-hosted mesh — your own control plane, your keys — plus post-quantum key exchange where it counts.
The experimental stuff has its own wing. Thirty-plus Labs features behind toggles: WAN bonding that fuses multiple cheap uplinks through a $5 VPS into one resilient pipe, per-flow SLA telemetry with tamper-evident audit chains, GeoDNS that steers traffic by live RTT and load, application-aware QoS, config push to a whole fleet of remote nodes, and an AI assistant on the box that reads your actual interfaces and logs using local models. Toggles are per-browser and can't touch your running config — flip things on, break them, tell me about it. Oh, and there is much more to mention here!
Self-hosted, on your hardware, no cloud account, no subscription.
It's NOW IN ACTIVE BETA (previously alpha) with about 40 testers, and bug reports typically get fixed in days. I want more people who know what pfSense does well and can tell me exactly where nfSensei falls short.
If you are interested in testing please email me: sullrich@gmail.com. Tell me about your pfSense setup and I'll get you access.
Note: Affiliates and employees of Netgate are not invited.
English

@IAMERICAbooted Have you considered an LLM and agent-browser connected to Chrome Debugging to do it? It’s my goto now for monotonous data entry.
English
Tim McGuffin retweetledi

We're hiring a vulnerability researcher! If you're interested in working at the intersection of security research & AI, check out the role below or reach out to @sam4k1 if you have any questions.
wellfound.com/jobs/4424689-v…
English
Tim McGuffin retweetledi

Hey all, new spot open on Snowflake's Red Team! You'll be responsible for hacking everything under the sun and building software to enable said hacking. Come join a great team with huge impact :)
Link: careers.snowflake.com/us/en/job/SNCO…
English

@0xTib3rius @HackingLZ Right? National vs State patriotism? Texas is close to the top in State.
English

@HackingLZ I can tell because what metrics do you even use to judge that?!? 😅
English


Good luck with clinical trials, FDA approvals, big pharma throwing wrenches in your game, politics, beaurocracy, red tape you can't imagine ...
But yh, you do you
Bryan Johnson@bryan_johnson
People are sleeping on how fast solving death becomes humanity's focus.
English


@jsark983 A meta CFP submission site. They upload a paper and tag it with topics or an LLM tags it for them. When a conference CFP opens where their paper matches the topic, the site submits it to the conference on their behalf.
English

May I present... InfoSecFP!
infosecfp.com
Ingests CFPs from:
- cfptime
- sec-deadlines
- More to come
Visit those sites for more info on each CFP, etc. since they're great, but this is for a quick hit.
Updates daily!

English

I started getting Denied by @AnthropicAI safeguard for cyber security. I gave good resources and content that I’m a professional, but I still got Denied. Anyone suggest any other LLM to work with? It was a good run with Claude.
#redteam
English

@_subTee Code is disposable now like plastic straws, probably with similar environmental impact. 😂
It’s the idea that matters, which is what kept a lot of creative people from building cool things before.
It’s fascinating times, and I’m here for it.
English

@NotMedic LLMs are so odd to me.
I get the appeal, like this goblin can write some code.
And in a small domain, I can audit and validate and verify
So it’s both odd and peculiar and amazing and terrifying all at once.
It’s pretty fantastic time.
Forget the exploit dev
The TOOL dev!
English

Lord have mercy!
glm-5.2 on Ollama, cloud, MacBook Air
Built me a very nice TLS debugger in about 10 minutes
gist.github.com/secdev02/0052f…
I know the domain well, and shaped a few output.
Bit at 682 loc it’s better and more efficient than the one I presented at DerbyCon
Yowsa!
English

@uwu_underground @vxunderground I’ve never questioned your credentials. Y’all are a collective of badasses.
English

@uwu_underground @vxunderground It's such a weird timeline where an account of anime waifus stood up for meme purposes has direct access to security teams at big-ass companies.
F*cking bravo. This is beautiful.
English

@vxunderground give us the names please smelly, we can talk to Twitter Security directly
English

@Cannibal Omg I’ve been making it from scratch. I have to try these!
English











