The security division of Funway Interactive

Security forged
in iron.

FerrumSec is the dedicated security division of Funway Interactive SRL. We work both sides of the line: hands-on offensive testing that finds what real attackers would find, and a growing suite of defensive tools — engineered in Rust — built to shut those doors for good.

Book an engagement Explore the Suite

A division of Funway Interactive SRL · Chișinău, Moldova

Who we are

A focused team that does the work itself

A focused security team inside Funway Interactive SRL (Chișinău, Moldova), backed by 25 years of software engineering and current, hands-on offensive security credentials.

We don't outsource judgment or ship checkbox security. Every engagement we run and every tool we build comes from people who do the work themselves — people who write software for a living, not just slide decks.

FerrumSec operates from two directions at once.

Offensive Security

We test your systems the way an adversary would.

The Ferrum Suite

Defensive tooling that detects and stops the threats those tests expose.

Offensive Security Services Available now

Penetration testing built on a real methodology

Not a scanner run and an auto-generated PDF. Our engagements run on a structured framework: defined rules of engagement, repeatable runbooks, a thorough scoping and intake process, and prioritized reporting you can actually act on. You get an adversary's-eye view of your environment, then a clear path to closing the gaps.

01 / Specialty

Cloud and identity

AWS and Active Directory attack-path testing. We map the lateral-movement and privilege-escalation chains that turn a single foothold into full domain or account compromise.

02 / Specialty

Two-pass engagements

Find, report, remediate, retest. We come back and verify the fixes actually hold, so remediation isn't taken on faith.

03 / Specialty

Forensics and recovery

Incident-response tooling, including raw-volume NTFS recovery and secure-deletion work, for when something has already gone wrong.

The Ferrum Suite In active development

A family of security tools that share one philosophy

Fast, memory-safe, transparent, and free of the surveillance and dark patterns that infest so much commercial security software. Most are built in Rust; several are open source under the MIT license.

Ferrum Scanner

A fast, asynchronous vulnerability scanner. Detection logic is defined in YAML templates and is Nuclei-compatible — the rules you already trust run unchanged. Built in Rust for throughput and a small footprint.

Rust YAML templates Nuclei-compatible

Ferrum Proxy

An intercepting proxy for web application security testing — a lean, native alternative to heavyweight Java-based proxies. Built on a Rust GUI (egui) for a fast, low-overhead workflow that gets out of your way.

Rust egui Intercepting proxy

Ferrum AntiRK

Linux-first anti-rootkit defense. Built on eBPF via Aya (a pure-Rust eBPF stack), it watches the kernel boundary where rootkits hide and persist. Open source, MIT-licensed.

eBPF / Aya MIT Linux

Ferrum Aegis

Cross-platform anti-ransomware. Behavioral detection that recognizes encryption activity and shuts it down before it spreads — backed by a documented threat model and signed, verifiable distribution, so you can trust exactly what you're running.

Cross-platform Behavioral detection Signed builds

Planned

Ferrum MacCleaner

A macOS maintenance utility built the FerrumSec way: it does exactly what it says, removes only what it should, and never holds your machine hostage behind a subscription nag.

Planned macOS

How we build

Principles, not policies

The same convictions shape every engagement we run and every tool we ship.

Rust by default

Memory safety and performance aren't features we bolt on — they're the foundation. The entire class of memory-corruption bugs behind so many real-world exploits simply doesn't apply to most of what we ship.

Open where it counts

Security you can't inspect is security you have to take on trust. Where it makes sense, our tools are open source under the MIT license — read the code, audit it, build on it.

No dark patterns. Ever.

No ads. No telemetry quietly selling your data. No scareware, no manipulative subscriptions, no nag screens. Security software that exploits its own users has no business calling itself security software.

Frequently asked questions

Questions, answered plainly

Short, factual answers about FerrumSec, our offensive security work, and the Ferrum Suite.

What is FerrumSec?

FerrumSec is the dedicated security division of Funway Interactive SRL, based in Chișinău, Moldova. It works both sides of the line: hands-on offensive security testing and a Rust-engineered suite of defensive tools called the Ferrum Suite. Its tagline is "Security forged in iron."

What services does FerrumSec offer?

FerrumSec offers offensive security services that are available now: penetration testing built on a real methodology (defined rules of engagement, repeatable runbooks, thorough scoping and intake, and prioritized reporting); AWS and Active Directory cloud-and-identity attack-path testing covering lateral movement and privilege escalation; two-pass engagements that find, report, remediate, and retest; and forensics and recovery, including incident-response tooling, raw-volume NTFS recovery, and secure deletion.

What is the Ferrum Suite?

The Ferrum Suite is FerrumSec's family of defensive security tools, currently in active development. It includes Ferrum Scanner (a fast asynchronous, Nuclei-compatible vulnerability scanner using YAML templates), Ferrum Proxy (an intercepting proxy for web application security testing with a Rust egui GUI), Ferrum AntiRK (a Linux-first anti-rootkit tool using eBPF via Aya), Ferrum Aegis (cross-platform anti-ransomware with behavioral detection), and Ferrum MacCleaner (a planned macOS maintenance utility). The tools are fast, memory-safe, and transparent, mostly built in Rust, with no telemetry or dark patterns.

Are FerrumSec's tools open source?

Several Ferrum Suite tools are open source under the MIT license. Ferrum AntiRK is open source and MIT-licensed. FerrumSec's principle is "open where it counts" — releasing tools as open source under the MIT license where it makes sense, so the code can be read, audited, and built on.

Where is FerrumSec located?

FerrumSec is located in Chișinău, Moldova. It operates as the security division of its parent company, Funway Interactive SRL.

How do I book a penetration test with FerrumSec?

You can book a penetration test or other engagement through FerrumSec's parent company at funwayinteractive.com/contact?service=pentest. This is FerrumSec's contact channel for engagements.

What makes FerrumSec different?

FerrumSec is built by people who write software for a living, backed by 25 years of software engineering and current, hands-on offensive security credentials. It follows three principles: Rust by default for memory safety, open source under the MIT license where it counts, and no dark patterns ever — no ads, no telemetry, no scareware, and no nag screens.

Is FerrumSec related to Funway Interactive?

Yes. FerrumSec is the dedicated security division of Funway Interactive SRL, its parent company. Funway Interactive's website is funwayinteractive.com.

Get in touch

Want an adversary's-eye view of your systems?

Or to follow the Ferrum Suite as it ships? We'd like to hear from you.