
forefy
1.1K posts

forefy
@forefy
Over a decade of security research and engineering channeled into securing emerging threats ㅤ CTO @audit_wizard 🧙♂️🪄🪄 ㅤㅤㅤㅤㅤㅤㅤ Co-Founder @hackstackapp









No one's talking on how Claude Routines just destroyed whatever recurring scan/task/service you were building - 0 setup free cloud compute to run periodic AI tasks - pay for tokens only - security is up to speed (define isolated plugins only, session has nothing that you don't define) - free init script code control - auditable run logs - integrations are taking 2 clicks avg Amazing







Anthropic pulling Fable off the subscriptions..

If you missed the Zig/Bun drama, here's a recap.

Another gem from the old EDR-evasion days drawer Tested on latest mac OS's and apple silicone, still working after all these years Not signed by any EDR I tested it against, and dumps hashcat-ready password hashes for lateral movement and privilege escalation within macos environments post-compromise This is obviously shared not for blackhats, but for raising the awareness to EDR and defensive teams that this capability still works, and I encourage defenders to share, post, retweet this until it stops working lol github.com/forefy/mimic



We've created an obsidian brain for smart contract audits and the results are shocking 🫣🫣 No AI fluff - only all the crits from @SoloditOfficial and @RektHQ scraped to markdown files, and extrapolated to: - protocols from bounty platforms, rekt, selected public audit portfolio reports - complex ai-based tagging system dividing bugs into sectors - methodologies and checks that would've prevented each bug - language specifics, protocol specifics, l2 specifics and more - who reported the bug - who missed the bug AND MUCH MORE! A common use case: > We start an audit on a zk-heavy protocol > Load the obsidian vault locally > tag:#sector/zk AND path:classifications/bug/check this extracts all zk-tagged CHECKS, meaning all the checks corresponding to critical issues in the vault, that are to be checked against zk sector auditing staking pools? prediction markets? multisig? gaming protocols? etc. same for auditing rust? anchor? stylus? cairo? yul?! Best part - it lets your AI agent save enormous amount of tokens by using obsidian's wikilinks feature to simply get highly relevant data. I personally use this at the start of every new audit and improve it gradually. Would you use something like this? should I make it open source? Retweet this post and spread the word to let me know‼️











