URL: http://rastamouse.me/
Submission Tags: falconsandbox
Submission: On September 06 via api from US — Scanned from NL

Rasta Mouse Brain Farts


BUILDING A (SLIGHTLY) BETTER MELKOR

Blog / September 6, 2023 / Rasta Mouse

Melkor is a C# POC written by FuzzySec to simulate a TTP employed by InvisiMole.
The concept is that post-ex assemblies are loaded into a payload/implant and
kept encrypted using DPAPI whilst at rest. They are decrypted on demand and
executed in a separate AppDomain. The AppDomain is unloaded once execution
completes and only the



C# SOURCE GENERATORS

Blog / July 2, 2023 / Rasta Mouse

Introduction C# Source Generators made their first appearance around the release
of .NET 5 and now ship as part of the .NET Compiler Platform (“Roslyn”) SDK.
They allow developers to inspect user code as it is being compiled and even
create new C# source files on the fly and add them to the compilation. A



SHARPC2: HTTPS WITH REDIRECTOR

Blog / April 4, 2023 / Rasta Mouse

This post will demonstrate how to use the HTTPS handler in SharpC2 with an
Apache redirector. I’ll be running SharpC2 inside WSL on my physical host and an
EC2 instance as my redirector. The traffic will be proxied from Apache to
SharpC2 over a reverse SSH tunnel. Redirector First, install Apache and enable
the relevant



.NET STARTUP HOOKS

Blog / January 2, 2023 / Rasta Mouse

tl;dr Since .NET Core 3, the dotnet runtime has provided a low-level hook that
allows injecting managed code that will run before an application’s entry point.
This hook makes it possible to effectively backdoor any .NET application on a
host (Windows, Linux, and macOS). You may ask why such a feature exists. It’s
used in



TOKEN IMPERSONATION IN C#

Blog / December 16, 2022 / Rasta Mouse

This post was inspired by a question posted by kevin in my Discord server, about
how token impersonation can be applied to threads in C#. Before delving into
that particular facet, let’s do a quick recap of token impersonation as a whole.
What is Token Impersonation? This is a practice by which a calling thread



GETDOMAIN VS GETCOMPUTERDOMAIN VS GETCURRENTDOMAIN

Blog / October 27, 2022 / Rasta Mouse

Many Active Directory enumeration and post-exploitation tools need to figure out
which domain they’re in or which domain they need to target. For convenience,
PowerShell and C# tools can use the .NET Domain class from the
System.DirectoryServices.ActiveDirectory namespace. This class has several
methods that can return a relevant Domain object, including GetComputerDomain()
and GetCurrentDomain(). This



EVILGINX, MEET BITB

Blog / July 27, 2022 / Rasta Mouse

Obligatory disclaimer that I did not come up with any of these techniques – I’m
just combining two awesome ideas by other people. If you’re not familiar with
Evilginx or BITB, here’s a quick recap. Evilginx, created by Kuba Gretzky, is a
man-in-the-middle framework designed to facilitate the capture of credentials
and session cookies. It



OUS AND GPOS AND WMI FILTERS, OH MY!

Blog / June 7, 2022 / Rasta Mouse

Abusing GPOs is a tactic that’s been actively in-play for many years. ACL-based
path-finding for GPOs was introduced to BloodHound 1.5 in 2018, and other tools
have been released such as SharpGPOAbuse which implement various abuse
primitives. You may be familiar with this representation, where a machine is a
member of an OU and a



WHY TOOL-RESTRICTED EXAMS (SOMETIMES) MATTER

Blog / April 16, 2022 / Rasta Mouse

As the author of the Red Team Ops course and certification, I often get asked
why the tools available in the exam are restricted to those provided in the
pre-configured environment. The answer is a little involved to explain fully on
Twitter or Discord, so this post is my attempt at providing a more complete



SOCKS4A PROXY IN C#

Blog / March 28, 2022 / Rasta Mouse

Some time ago, I tweeted a teaser about implementing a SOCKS4 proxy in .NET.
This post will finally provide a basic run-down of how I implemented it. There
are some shortcomings, which I’ll try and call out as they come up. We start off
by creating a class that will bring a bind address and port


Copyright © 2023 Rasta Mouse | Powered by DiagnoSEO WordPress Theme