[Update] Deception.Pro Jan 2026

Written By MalBeacon

The Deception.Pro platform continues to evolve with a focus on making hands on keyboard research faster clearer and more scalable for teams running real world deception operations. This January update delivers meaningful improvements across usability malware execution and platform stability along with a look at what is coming next.

What’s New?

  • Replica browsing by industry vertical for Premium users
    Premium users can now browse all available replicas by industry vertical. Whether you are modeling healthcare finance manufacturing or other target environments this makes it easier to launch deception operations that closely mirror real victim profiles. Less time configuring and more time observing attacker behavior.

  • Improved operation artifact handling
    Several issues related to operation artifact storage and user interface rendering have been resolved. Artifacts now display more reliably and VirusTotal references are properly linked for faster pivoting during analysis.

  • Expanded and improved auto detonation support
    Auto detonation has received a significant reliability upgrade and now supports a wider range of malware delivery formats including DLL PS1 MSI EXE HTA BAT LNK JS and password protected ZIP files containing these formats. This brings execution behavior closer to what adversaries deploy in real world campaigns and reduces the need for manual handling.

  • Stability and performance improvements
    A collection of user interface and backend improvements were deployed to enhance overall stability responsiveness and platform reliability during active operations.

Next on the Roadmap

  • Dedicated KVM infrastructure
    We are moving KVM workloads to dedicated server resources to improve performance isolation and consistency during high intensity operations.

  • TLS inspection
    We are expanding visibility into encrypted attacker traffic to support deeper analysis of modern malware communications.

  • Memory dump collection and analysis
    Support for memory dump capture will be added to enable deeper forensic analysis of in memory artifacts post exploitation and during hands on keyboard activity.

Closing Thoughts

These updates continue our focus on aligning Deception.Pro with how real adversaries operate rather than how theoretical models describe them. Feedback from active researchers and operators continues to shape the platform and we are excited to share more as these upcoming capabilities come online.

Stay curious and stay deceptive!

MalBeacon https://MalBeacon.com
Previous

[Op Report] Hands-on-Keyboard Intrusion Abusing Multiple RMMs

Next

[Op Report] CastleRAT Campaign leads to Hands-on-Keyboard ATO Operations