make pic relax

Joined January 2012
Rasta Mouse retweeted
"#Fingerprinting Modern #C2 #Implants Through Runtime Telemetry" talk at #x33fcon 2026 by @thefLinkk and @dphillips__ - x33fcon.com/#!/s/SebastianFe… #blue, #POC
Rasta Mouse retweeted
The new @_CobaltStrike BOF-PE feature allows you to load PEs without having to convert them into BOFs with limited modification. You can use a macro to avoid rewriting all your printf statements: #define printf(format, args...) { BeaconPrintf(CALLBACK_OUTPUT, format, ## args); }
Classic
Fable gameplay looked pretty good but I still won't be suckered into a pre-order.
Props to the team for getting this out now that they have to put up with me distracting them with stupid stories about ppl trying to sell me fish and what flavour Pringles I found.
Cobalt Strike 4.13 is live! Say "Hello World" to our Beacon Interpreter for native C scripting - plus an LLVM Beacon, smoother docking UX, sharper payload management and more. Read about all the new features in the release blog! cobaltstrike.com/blog/cobalt…
Rasta Mouse retweeted
As y'all may have realized, I disappeared from the community for a little while we fight the most difficult fight of our life. My wife Angela was diagnosed with stage 3 cancer. We need all the help we can get, please consider supporting our fight. givesendgo.com/anchors-for-a…
Rasta Mouse retweeted
I am glad to announce updates to the certification renewal policy for @AlteredSecurity certifications. We have introduced a major change. If you renew a certification beyond 6 years, it will never expire and you will have it for perpetuity. We have also included a handy Renewal Calculator. Renewal exams continue to be free before expiry. Course access remains lifetime including updates. alteredsecurity.com/post/ren…
Rasta Mouse retweeted
This is how researchers should operate. Better offensive security makes better defensive security and vice versa. Iron sharpens iron.
EDRUnChoker 😀 registers a permanent WMI subscription with a 5-second timer, runs embedded VBScript (fileless) that deletes malicious MSFT_NetQosPolicySettingData policies targeting known security products or aggressive app-path throttles. github.com/sbousseaden/EDRUn…
Not sure what all the fuss was about with CET? I never considered cetcompat to be a dealbreaker as most operators ideally bring in their own sideloads which are non-cet, unless you plan to inject microsoft processes. Spent last 2 days to test a theory and built a shellcode POC to find at least 3 different techniques to build a fully unwindable cetcompat stack frame. As much as this was easy, integrating it into Brute Ratel is gonna be fun.. Looks like next release might be slightly delayed...
CS 4.13 is right around the corner, so I've been having a play with the new Beacon Interpreter. This script will stomp a PICO over a module, with unwind data, for post-ex.
Rasta Mouse retweeted
Finally unveiling what kept me busy recently 😉
As cloud environments expand, security teams need more than just a long list of disjointed alerts, they need actionable context. Today, we are introducing cloud detection and response in Tenable One Cloud Exposure (available via the Tenable One® CNAPP add-on). These new AI-powered capabilities contextualize detections into coherent, unified narratives, enabling significant reduction in investigation and remediation time. Learn more: spr.ly/6013B80qEl
Rasta Mouse retweeted
shipping v5 of LitterBox after way too many late nights. real EDR in the loop now. drop an agent on your VM, fire payloads at it, alerts land back with full call stacks. Elastic Defend Fibratus work. new UI, better performance — notes in the release. github.com/BlackSnufkin/Litt…
Pushed 0.0.3 of my Crystal Palace VSC extension. It adds new options, like relax and unwind; and adds better syntax support for the ised command.
More fun with Crystal Palace unwind data.
Rasta Mouse retweeted
New Release Havoc Professional 0.7: K-Noir 🐺
- Linux Implant for x86_64 and AArch64
- Stack Spoofing: Callstack Function Rule System
- Stack Spoofing: CET Compliance and evasion improvements.
- New Registry manipulation extension with anti-forensic features
- TCP based channels for direct and p2p communication
- New thread injection and memory allocation techniques via the Inject-kit
- Embedded Python Debug Server into the Havoc Client
And major Quality-of-Life improvements and features for operational use while making it more stable and modular. Link down below 🔗
Cobalt Strike 4.13 has a new Aggressor hook to support BOF cocktails. Here's a quick walkthrough: rastamouse.me/bof-cocktails-…