A minute of silence for all the implants unable to ping the C2 today 🕯

One of the reasons this this tool is powerful because you can decouple initial actions from your implant/payload running. Macro/script/whatever sets the registry key, and later Outlook.exe is doing evil things. It's not Macro -> Payload Download -> Exec

A new blogpost that goes over a little cool discovery I did about a phishing payload. This was again something that came from some legacy knowledge. Hope you like it! trustedsec.com/blog/oops-i-ud…

Initial Access Guild: #TheGuild Guys, you ask me: how do you get your invite? Be patient There will be vetting process, like Kuba Gretzky has in BREAKDEV. No way around it. I'm building trusted, closed circle. We'll go by nicknames. :) No goons nor criminals welcomed.

I drafted a janky mind map of Beacon's components and their relationships. Might be able to make it neater if people find it useful. Perhaps we could get this on a desk mat William Burgess 😅

Ever come across Altiris on a red team? We did.... Check out this post from Matt Johnson on how to extract ACC creds... Extracting Account Connectivity Credentials (ACCs) from Symantec Management Agent (aka Altiris) mdsec.co.uk/2024/12/extrac…

New blog post from the Hackcraft #redteam:

We have released a blog post regarding Windows Native Applications and using them to backdoor a system through the Windows Session Manager. Special thanks to Pavel Yosifovich for the excellent research and material on the subject!

So it begins, more than 240 companions setting out on the quest of securing the foothold. They shall be: The Fellowship of the Breach ☢️ A great offensive journey in a trusted circle where people share and inspire And I'm honored to be a part of it! You missed it? Read along!

The Hackcraft Red Team has released a fork of メイソン's ScheduleRunner, which supports editing of pre-existing scheduled tasks and their trigger conditions. More information in the accompanying blog (bit.ly/3ZKwSRa) and the Github repository (bit.ly/4fqliAL)

Hackcraft's open-source project Fairplay just got updated! We've merged a pull request from NCV, who added a Mattermost notifier! Big thanks for the contribution! github.com/Hackcraft-Labs… #RedTeam #Hackcraft

The Hackcraft Red Team has released a fork of werdhaihai's AtlasReaper, which integrates it with @CCob's BOF.NET, for stealthy retrieval of Jira/Confluence attachments. More information: bit.ly/409uYcY Github repository: bit.ly/4hghN0R

Motivational poster of the week

If you are an APT using CloudFlare as CDN and you see your beacons disappearing every weekend in Spain, it's because football. ISPs are blocking CloudFlare during weekend to avoid ppl watching football from pirate streamings. As side effect, you can not use GitHub on weekend.

How the NSA (Equation Group) allegedly hacked into China's Polytechnical University 👀 I analysed intelligence reports from Chinese cyber firms (360, Pangu, CVERC) to aggregate TTPs attributed to Equation Group. 🔗inversecos.com/2025/02/an-ins…

Offensive X 2025 is proud to have Hackcraft as a Platinum Sponsor on our side. Hackcraft treats offensive security as an art—crafted with precision, backed by deep research, and delivered through advanced security assessments and stealthy red teaming operations. Meet them

We had a great time meeting you at Offensive X! For anyone that didn't have the time today, you can stop by tomorrow for a chat and some Hackcraft swag! :)

Heading back after a fantastic week at Offensive X I only have great things to say about this conference and you should really add this to your conference list. I don’t think I have ever been spoiled this bad as a speaker before. Great conference, incredible speakers, great

💡 Ethical hackers & great chats at #OffensiveX 🍻 Drinks + insights & nonstop energy ⚡ Proud platinum sponsor! Thanks for stopping by our booth! Till next time: Play hard. Learn fast. Hack smart. #OffensiveSecurity #Hackcraft

The thing I admire about this space is pentesters who abuse some cloud service/SaaS, whatever, and do read outs to their clients, saying "lolz we used X cloud service to hack you, and they don't care" followed by a number of those companies getting together putting pressure on X