Director @sigp_io. Over a decade in web2 security. Currently securing critical blockchain protocols.
Joined January 2009
- Tweets 6,053
- Following 452
- Followers 605
- Likes 2,179
121 Photos and videos
Michal retweeted
The day after the CEO lays off a ton of staff and says:
“Non-technical teams are now pushing code to production with AI”
@coinbase has a major outage on their trading engine, and even their status page doesn’t work.
😂
331
1,576
15,570
986,737
Michal retweeted
May 8
We're back from Svalbard, and Glamsterdam is coming!
The Lighthouse team just returned from Soldogn Interop in Svalbard after a week of @ethereum protocol work under the midnight sun.
4
5
37
1,470
Michal retweeted
Feb 27
Lighthouse v8.1.1 (Scary Terry) is out!
This is a mandatory upgrade for all users on prior versions due to a security fix. Please upgrade ASAP. Further details to follow.
Also fixes VC head monitor timeouts, DataColumnsByRange duplicate bug, and a slow memory leak.
github.com/sigp/lighthouse/r…
1
17
48
6,042
Michal retweeted
Feb 25
We’re hiring a Cryptographer / Security Engineer to audit cryptographic protocols in Web3 systems.
The ideal fit has advanced knowledge of elliptic curves, pairing-based cryptography, and zero-knowledge systems, with strong systems programming skills in Rust, Go and Solidity.
18
15
207
12,307
Michal retweeted
Jan 2
I'm Boris and I created Claude Code. Lots of people have asked how I use Claude Code, so I wanted to show off my setup a bit.
My setup might be surprisingly vanilla! Claude Code works great out of the box, so I personally don't customize it much. There is no one correct way to use Claude Code: we intentionally build it in a way that you can use it, customize it, and hack it however you like. Each person on the Claude Code team uses it very differently.
So, here goes.
1,319
7,019
54,551
8,176,851
Michal retweeted
15 Dec 2025
Ethereum is going to power the global financial system.
The ticker is $ETH.
83
171
1,329
88,575
Michal retweeted
4 Dec 2025
It was a big few days at DSS for the Sigma Prime team. Proud to once again support this event as a sponsor and see our team contributing on stage. Shoutout to @ethzed, @kirkthebaird, @TheKnapsy, and @ToonVH_
Great sessions. If you missed them or want to rewatch, recordings below 🍿
5
10
31
1,981
Balancer’s recent $100M exploit wasn’t about negligence or bad code.
It’s a reminder of the limits every protocol faces with today’s fragmented security stack.
Even mature teams using audits, bounties, and monitoring can still face blind spots because the tools don’t talk to each other.
Full write-up at Immunefi - immunefi.com/blog/expert-ins…
21
11
75
16,918
Michal retweeted
30 Oct 2025
These are actually really cool
196
8,712
123,040
10,906,043
Michal retweeted
20 Oct 2025
🧠 Did you know you can pipe into Claude Code?
Like:
cat logs.txt | claude -p "analyze for..."
strings bin.bin | claude -p "explain X" etc...
9
33
272
25,493
Michal retweeted
25 May 2021
Now in #mimikatz 🥝, #mstsc credentials (passwords / PIN codes) for RDP / Remote Desktop Client
- ts::mstsc - on client credentials
- ts::logonpasswords - on server credentials
Does not rely on previously injected hook/library, useful on jumping servers
> github.com/gentilkiwi/mimika…
21
441
1,089
Michal retweeted
16 May 2021
So #mimikatz wanted passwords, and Terminal Server has some for us🥝
Cleartext passwords *decrypted* on a fully, up to date Windows 2019 Server
No library, no previous code injection, and doesn't use junk part of memory😉
Ping @jonasLyk, still in testing ... 🤪
22
546
1,428
Michal retweeted
12 May 2021
I was told you like SCCM passwords & #mimikatz 🥝
Did you know SCCM *endpoints* can keep credentials of all your Network Access Accounts?
Time to try the new dpapi::sccm command and to check privileges associated to them 😉
> github.com/gentilkiwi/mimika…
8
287
671
Michal retweeted
25 Sep 2020
I just found this on a pentest, my password can run OS commands.... WTF 😬
27
80
595
Michal retweeted
31 Aug 2020
I saw a post on LinkedIn that recommended adding an emoji at the beginning of your name because you could see who was using some sort of automation tool to send out connection requests.
I can now confirm it works.
519
6,539
38,274
Michal retweeted
28 Aug 2020
Billy Mays here. Have you typo'd your sudo password, and now you need to press backspace like twenty times so you can start over? Not any more! Just press Ctrl-U! It'll delete everything you typed* and you can try again. No mess, no fuss.
*probably ¯\_(ツ)_/¯
2
10
43
Michal retweeted
31 Jul 2020
0-day zoom hacks dropped in YT chat
60
2,461
12,548
Michal retweeted
30 Jul 2020
Beta of #PingCastle 2.9 available here:
github.com/vletoux/pingcastl…
Key new features:
- a lot & a lot of new rules (the one from ANSSI too)
- relaxed krbtgt change from 40 days to 1 year
- maturity & charts for auditors
1
43
107