payloadforge

@[email protected]
8 Followers
419 Following
3 Posts
payloadforge3d ago

Passed the CRTO. Five years late, but passed.
The interesting bit isn't the badge - it's what the course looks like in 2026 vs what I bought in 2020. Different platform, tradecraft, exam. Wrote it up: a few tips, a couple of small tools.
Also reported two security issues during labs, both under coordinated disclosure. Technical detail in a follow-up.

https://payloadforge.io/crto-lifetime-access-to-a-course-that-doesnt-exist-any-more/
#CRTO #RedTeam #OffSec #AdversarySimulation

CRTO: Lifetime access to a course that doesn't exist any more

I bought Red Team Ops on 30 July 2020, order #00531, £649 plus VAT. Canvas LMS access, shared VPN labs, both Covenant and Cobalt Strike taught as C2 options. The Cobalt Strike trial came through Strategic Cyber LLC, the small operation Mudge ran before HelpSystems (later Fortra) absorbed it. Scheduled

Payload Forge
payloadforgeApr 15

I've spent the last few weeks writing up what the offensive security industry has quietly become, using one engagement as the case study.

Same virtual appliance tested twice at two different organisations. First time: twenty-something findings from VA scans and a ChatGPT prompt. Second time: five CVEs in five days, responsible disclosure, vendor patches, halted go-live.

https://payloadforge.io/why-infra-pentests-suck

Why Infra Pentests Suck

Let's call him Marco. We were both at the same consultancy, a few years into pentesting, stuck on site together at a client. I was mid-level, still figuring shit out learning the ropes, while he was senior. Italian, slim, quiet guy who would sit in the corner with his headphones

Payload Forge
payloadforgeFeb 25
War diary from LLM-assisted pentesting. Needed a vulnerable Eclipse Che instance for my Metasploit PR (CVE-2025-12548). Asked Grok 4 and Claude Sonnet 4.6 — both confidently wrong in different ways. Phantom CLI flags, CrashLoopBackOffs, invisible trailing newlines.
The fix came from plain old human debugging instinct, not a clever prompt.
https://payloadforge.io/i-asked-two-ais-to-help-me-set-up-a-test-environment-heres-what-actually-happened/
#Metasploit #OffSec #ExploitDev #LLM
I Asked Two AIs to Help Me Set Up a Test Environment. Here's What Actually Happened.

Payload Forge