Solfer

Thinking about sharing some skills at #BSidesVilnius2026? We’re looking for hands-on #workshops to help the #infosec community get past #SecurityTheater. If you've got something to teach, we'd love to see it. ⚠️ Also, only few days left for the #CFP! Link in comments below 👇

VULNSY - A Pentest Reporting Platform for Security Teams Built by pentesters, for pentesters.

Only two weeks left to submit your #BSidesVilnius2026 talk! 🎭 Our theme is #SecurityTheater, but we're really looking for those honest #infosec stories and real-world #cybersecurity research that help us all grow. Link is in the comments!

My pre launch page for the Build A Boy is live on @crowdsupply! crowdsupply.com/natalie-the-ne… The only kit that will turn your Lego kit into a real working Game Boy - no emulation

Today is the day and I'm sorry it's been so long, and also provisionally delayed by nearly a week. lms.zsec.red launches today with my Malwareless Adversarial Emulation (MAE) course. If you signed up for the waitlist, you should have received an email.

Introducing Cyllex - Advanced APT Emulation Framework. cyllex.io I've been working on this for a while, pouring real effort and love into it. Not a quick release, I'm going step by step, building something solid. Some of the current features include: ▸ APT database with real-world campaign emulation ▸ Cross-platform agents via binary patching ▸ Agent, Agentless (WinRM/SSH), and Cloud execution ▸ Direct shell access for real-time interaction ▸ Interactive MITRE ATT&CK detection coverage tracking ▸ Calendar-based campaign scheduling ▸ Webhook notifications (Slack, Teams...) ▸ Robust TTPs: On-Premise (Windows/Linux), Cloud, and Containers I'll be sharing updates as the project evolves. Thank you, and happy new year!

Spent the weekend working on Cyllex and added a Splunk integration for log correlation. Also added detection events for each TTP. There's still a lot of work ahead, but it's starting to look great! I'll keep working on more integrations. Thanks to everyone who's been showing interest and supporting the project! :)

@TurvSec 👀

Hey Claude, build me a clone of Tenable Nessus but ensure it actually tells you when scans encounter an error. Focus on UI/UX improvements (low bar). Make no mistakes.

Apparently Rapid7 coming out with more details on the #Notepad++ breach.

Extremely excited to announce that I will be speaking at @BlackHatEvents #BHAsia this year, with my talk surrounding exploitation of smartphone Boot ROMs, and what can be achieved on a target by compromising the boot chain! #practical-attacks-against-smartphone-boot-roms-50532" target="_blank" rel="nofollow noopener">blackhat.com/asia-26/briefi…

Reusing part of the ESC1-unPAC BOF code to create a ShadowCreds + unPAC BOF 1. Write msDS-KeyCredentialLink attribute using obfuscated LDAP queries. 2. Authenticate to the KDC using PKINIT. 3. unPAC-the-hash. 4. Cleanup msDS-KeyCredentialLink. github.com/RayRRT/BOFs/tr…

One-shot ESC1 + unPAC BOF for Havoc and CS. The certificate request includes the target's SID in the SAN to comply with strong mapping requirements (KB5014754). Hope it’s useful github.com/RayRRT/ESC1-un…

#BSidesVilnius2026 is officially BACK in Spring! Our theme: #SecurityTheater. Does your #security truly protect you or just look good on paper? It's the question the #infosec community must tackle. We're prepping hard and can't wait to see you! Stay tuned!

In Jan 2022, I made a course on using Burp Suite. Since that time, 538 students around the world have taken the course and have given me a 4.41 star rating for it. Today, I still get the odd person take it. I think that's pretty cool. Anyway, here's a limited coupon to get it for free udemy.com/course/learn-b…

Giveaway. @TurvSec is sponsoring HackTheBox Academy giftcards. I've got 5 giftcards worth $50. If you'd like a $50 giftcard for HackTheBox to do stuff, leave a comment below. Winners will be selected in 24 hours.

@TurvSec All because Family supported you 🙏🥰

- Had no interest in hacking - Did Ethical Hacking at Uni because it was a CS Degree with less math - Did a work placement who wanted to use my degree knowledge to start pentesting - Blagged my first pentest with absolutely no experience and then did the OSCP - Applied and got hired at a pentest shop and properly learnt the trade over 5 years, got double CREST certified. Did lots of ITHCs, did some SE and other cool stuff. - Moved onto a another pentest shop and learned way more, done CRTO and am now more specialised.

@TurvSec Looking good, bro! 🥰 Can't wait to see your new project 🫡

Honestly, I didn't think anyone would donate to my project 😞 But you have and its really validated that people want this ⁉️ I'm excited to keep building vulnsy.com

Reverse engineering tip If you're not sure something is ransomware, run it as Admin on your computer If your documents are no longer accessible and your wallpaper has changed, then it is probably ransomware

Today is the day! The last release of #BSidesLDN2025 tickets! No code required, release time 1337hrs today! ONLY available here: bit.ly/BSidesLDN2025T…