Sign up for my upcoming course blog.zsec.uk/mae/ due: Q3/Q4 2025

I am a woman of my word. The Lego Game Boy - with a working Game Boy inside (not an emulator)

When we launched PentestList v1 last year, I just wanted a simple place to find the best and newest infosec resources. Today, I’m releasing PentestList v2 🚀 After a year of feedback and some user growth, we’ve redesigned the experience and added a bunch of new features: ✅

Today is the day! The last release of #BSidesLDN2025 tickets! No code required, release time 1337hrs today! ONLY available here: bit.ly/BSidesLDN2025T…

Reverse engineering tip If you're not sure something is ransomware, run it as Admin on your computer If your documents are no longer accessible and your wallpaper has changed, then it is probably ransomware

Honestly, I didn't think anyone would donate to my project 😞 But you have and its really validated that people want this ⁉️ I'm excited to keep building vulnsy.com

Giveaway. Luke Turvey is sponsoring HackTheBox Academy giftcards. I've got 5 giftcards worth $50. If you'd like a $50 giftcard for HackTheBox to do stuff, leave a comment below. Winners will be selected in 24 hours.

In Jan 2022, I made a course on using Burp Suite. Since that time, 538 students around the world have taken the course and have given me a 4.41 star rating for it. Today, I still get the odd person take it. I think that's pretty cool. Anyway, here's a limited coupon to get it

#BSidesVilnius2026 is officially BACK in Spring! Our theme: #SecurityTheater. Does your #security truly protect you or just look good on paper? It's the question the #infosec community must tackle. We're prepping hard and can't wait to see you! Stay tuned!

One-shot ESC1 + unPAC BOF for Havoc and CS. The certificate request includes the target's SID in the SAN to comply with strong mapping requirements (KB5014754). Hope it’s useful github.com/RayRRT/ESC1-un…

Reusing part of the ESC1-unPAC BOF code to create a ShadowCreds + unPAC BOF 1. Write msDS-KeyCredentialLink attribute using obfuscated LDAP queries. 2. Authenticate to the KDC using PKINIT. 3. unPAC-the-hash. 4. Cleanup msDS-KeyCredentialLink. github.com/RayRRT/BOFs/tr…

Introducing Cyllex - Advanced APT Emulation Framework. cyllex.io I've been working on this for a while, pouring real effort and love into it. Not a quick release, I'm going step by step, building something solid. Some of the current features include: ▸ APT

Extremely excited to announce that I will be speaking at Black Hat #BHAsia this year, with my talk surrounding exploitation of smartphone Boot ROMs, and what can be achieved on a target by compromising the boot chain! blackhat.com/asia-26/briefi…

Apparently Rapid7 coming out with more details on the #Notepad++ breach.

Spent the weekend working on Cyllex and added a Splunk integration for log correlation. Also added detection events for each TTP. There's still a lot of work ahead, but it's starting to look great! I'll keep working on more integrations. Thanks to everyone who's been showing

Today is the day and I'm sorry it's been so long, and also provisionally delayed by nearly a week. lms.zsec.red launches today with my Malwareless Adversarial Emulation (MAE) course. If you signed up for the waitlist, you should have received an email.

My pre launch page for the Build A Boy is live on @crowdsupply! crowdsupply.com/natalie-the-ne… The only kit that will turn your Lego kit into a real working Game Boy - no emulation

Only two weeks left to submit your #BSidesVilnius2026 talk! 🎭 Our theme is #SecurityTheater, but we're really looking for those honest #infosec stories and real-world #cybersecurity research that help us all grow. Link is in the comments!

VULNSY - A Pentest Reporting Platform for Security Teams Built by pentesters, for pentesters.

Thinking about sharing some skills at #BSidesVilnius2026? We’re looking for hands-on #workshops to help the #infosec community get past #SecurityTheater. If you've got something to teach, we'd love to see it. ⚠️ Also, only few days left for the #CFP! Link in comments below 👇