Offensive Cybersecurity Insights: A New Year Compilation
Hello world!
This is Hackcraft’s Team Newsletter, aka our official excuse to share what we’ve been researching, noticing, debating and bookmarking obsessively over the past two months. Are you looking for community or cybersecurity business insights? You‘re at the right place.
Blogs
Let’s start with Hackcraft’s two blogs, which we’d like you to take a look at.
Microsoft SQL Server Hacking
The first piece comes from one of our amazing researchers and penetration testers, diving into Microsoft SQL Server hacking via its TDS protocol. You might be asking, "What on earth is TDS?" TDS, or Tabular Data Stream, is the protocol Microsoft SQL Server uses to connect with clients, particularly thick-client applications. Through research, it was found that by manipulating the way TDS handles encryption, it’s possible to capture MSSQL account credentials.
Explore it: https://www.hackcraft.gr/2026/01/microsoft-sql-server-hacking-tds-downgrade-attack/
Red Teaming and Industry Pitfalls
In this article, our team wanted to highlight the differences between true red teaming, social engineering, assume breach, tabletop exercises and internal security assessments, shedding light on the gap between how these practices are understood and how they are actually applied! Many of these cybersecurity services test individual aspects of a red team exercise, but they don’t offer the same value, scope, or level of protection. So, if you want to understand what red teaming really is, the value it brings, and when these services make sense for your organization, this article is worth a read!
Explore it: https://www.hackcraft.gr/2026/01/red-teaming-and-industry-pitfalls/
Industry News in a Nutshell
AI-Driven Attacks Are Becoming Mainstream
Well, AI attacks…what else? A Gartner survey of 302 cybersecurity leaders conducted in early-to-mid 2025 found that 62% of organizations reported experiencing a deepfake attack involving social engineering or automated impersonation in the past year, and 32% said they faced attacks on AI applications.
Massive Instagram Data Exposure
As we like to say, privacy is an illusion, but this is quite a compromise. Sensitive data tied to roughly 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and other contact information, has been circulating on dark web forums following an alleged leak. While Instagram’s parent company has publicly denied a system breach, cybersecurity researchers verified the dataset’s presence online.
Crypto Theft Linked to the 2022 LastPass Breach Continues – Report Dec 2025
TRM Labs traced $35M+ in stolen crypto to the 2022 LastPass breach, showing attackers are still draining wallets years later by cracking weak master passwords and laundering funds through mixers and Russia-linked exchanges. Why it matters: Breaches don’t end when the headlines do. Stolen encrypted data can fuel long-tail theft for years, especially in crypto. Weak passwords and reused secrets turn old cybersecurity incidents into ongoing financial losses.
Community Tools & Articles Worth a Read
Hacking Humans: Social Engineering and the Psychology
This article stands out not only because it's written by the Specterops team, but also because it explains how, as biometric cybersecurity and access controls become increasingly hardened, attackers continue to bypass them by exploiting the human element!
Explore it: https://specterops.io/blog/2026/01/23/hacking-humans-social-engineering-and-the-psychology/
Bypassing Windows Administrator Protection
This awe-inspiring article, by the one and only James Forsaw of Google’s Project Zero, dives into Windows 11’s new Administrator Protection, a feature meant to replace User Account Control (UAC) with a stronger cybersecurity boundary. In an exceptionally detailed piece of research –exactly what we’ve come to expect- they explain how the new elevation model works, why legacy behaviors still matter, and describe ways the protection could be bypassed in early builds.
Explore it: https://projectzero.google/2026/26/windows-administrator-protection.html
A Powerful Guide to Active Directory Certificate Services and Hacking
Hand-picked by our Principal Red Team Operator, Iosif Choulis, don’t miss this compact but powerful guide to Active Directory Certificate Services (AD CS), showing how certificate misconfigs can turn into real privilege escalation paths. It’s practical, attacker-minded and straight to the point. AD CS is one of those “set it and forget it” features that quietly becomes dangerous…
Explore it: https://swisskyrepo.github.io/InternalAllTheThings/active-directory/ad-adcs-certificate-services/
XSS but Make It Very Small
Some targets deploy hardened defenses against XSS, such as strict input length limits. Tiny XSS Payloads is a cheat sheet that compiles ultra-short payloads of various types, the smallest of which is just 17 characters long!
Explore it: https://tinyxss.terjanq.me/
Frida for Mobile Penetration Testing but with UI
Frida-UI is a lightweight, local web-based user interface for the dynamic instrumentation toolkit Frida, letting you interact with connected devices, running processes, and scripts directly in your browser (no CLI juggling). It shows apps/processes, has a script editor with CodeShare integration, live console/logs, and makes Android app penetration testing and runtime analysis faster.
Explore it: https://github.com/adityatelange/frida-ui
JWT Tokens and Penetration Testing Simplified
JWT_Tool is a Python toolkit for pen testers and cybersecurity researchers to analyze, tamper, test and crack JSON Web Tokens (JWTs) letting you validate tokens, scan for misconfigurations, test for known JWT vulnerabilities (like alg=none bypass, key confusion, ECDSA weaknesses), fuzz claims, brute-force weak secrets, and forge modified tokens to evaluate authentication security in web apps. It’s also handy for CTF practice and auditing JWT usage.
Explore it: https://github.com/ticarpi/jwt_tool
Closing Thoughts
The cybersecurity threats we covered in this Newsletter don’t move in the sphere of theory; they’re already out there. AI-driven social engineering, protocol abuse, identity compromise, and long-tail breach fallout are exactly how real adversaries break in today. Red teaming shows you where they’ll strike before they get the chance.
If you want to discover how your organization would be breached, contact Hackcraft for a red team engagement.
