rastamouse.me
2a06:98c1:3120::3  Public Scan

URL: http://rastamouse.me/
Submission: On March 08 via api from US — Scanned from NL

Form analysis 3 forms found in the DOM

GET http://rastamouse.me/

<form method="get" class="searchform" action="http://rastamouse.me/">
  <fieldset>
    <button type="submit" class="search-button" name="searchsubmit" value="Search"><i class="icon-search"></i></button><input type="text" value="" name="s" placeholder="Search">
  </fieldset>
</form>

Text Content

Rasta Mouse Cheesy Rumbles


ANYSIZE_ARRAY IN C#

Blog / January 29, 2024 / Rasta Mouse

There are multiple structures in Windows that contain fixed sized arrays. The
instance I came across recently was the KERB_QUERY_TKT_CACHE_RESPONSE struct,
which looks like this: ANYSIZE_ARRAY is defined as 1 in winnt.h, but the reality
is that the array will be of size CountOfTickets. This value obviously cannot be
known at compile time. Translating these


SAFEHANDLE VS INTPTR

Blog / January 6, 2024 / Rasta Mouse

C# is a popular language in both the commercial space (think ASP.NET Core, MVC,
Blazor, WPF, MAUI, etc) and the infosec space. The most well known offensive C#
tools are probably those in GhostPack (Rubeus, Seatbelt, Certify, SharpUp, etc).
A lot of offensive tools that target Windows use interop (P/Invoke) quite
heavily to call WinAPIs


COBALT STRIKE AGGRESSOR CALLBACKS

Blog / October 3, 2023 / Rasta Mouse

The Cobalt Strike 4.9 release introduced support for registering Aggressor
callbacks for several functions including bexecute_assembly, bpowerpick, and
binline_execute. Prior to this feature, there was no practical way of tasking
Beacon and then performing further actions based on the output (other than
reading it on the console and then manually issuing more commands). To
demonstrate


BUILDING A (SLIGHTLY) BETTER MELKOR

Blog / September 6, 2023 / Rasta Mouse

Melkor is a C# POC written by FuzzySec to simulate a TTP employed by InvisiMole.
The concept is that post-ex assemblies are loaded into a payload/implant and
kept encrypted using DPAPI whilst at rest. They are decrypted on demand and
executed in a separate AppDomain. The AppDomain is unloaded once execution
completes and only the


C# SOURCE GENERATORS

Blog / July 2, 2023 / Rasta Mouse

Introduction: C# Source Generators made their first appearance around the release
of .NET 5 and now ship as part of the .NET Compiler Platform (“Roslyn”) SDK.
They allow developers to inspect user code as it is being compiled and even
create new C# source files on the fly and add them to the compilation. A


SHARPC2: HTTPS WITH REDIRECTOR

Blog / April 4, 2023 / Rasta Mouse

This post will demonstrate how to use the HTTPS handler in SharpC2 with an
Apache redirector. I’ll be running SharpC2 inside WSL on my physical host and an
EC2 instance as my redirector. The traffic will be proxied from Apache to
SharpC2 over a reverse SSH tunnel. Redirector: First, install Apache and enable
the relevant


.NET STARTUP HOOKS

Blog / January 2, 2023 / Rasta Mouse

tl;dr: Since .NET Core 3, the dotnet runtime has provided a low-level hook that
allows injecting managed code that will run before an application’s entry point.
This hook makes it possible to effectively backdoor any .NET application on a
host (Windows, Linux, and macOS). You may ask why such a feature exists. It’s
used in


TOKEN IMPERSONATION IN C#

Blog / December 16, 2022 / Rasta Mouse

This post was inspired by a question posted by kevin in my Discord server, about
how token impersonation can be applied to threads in C#. Before delving into
that particular facet, let’s do a quick recap of token impersonation as a whole.
What is Token Impersonation? This is a practice by which a calling thread


GETDOMAIN VS GETCOMPUTERDOMAIN VS GETCURRENTDOMAIN

Blog / October 27, 2022 / Rasta Mouse

Many Active Directory enumeration and post-exploitation tools need to figure out
which domain they’re in or which domain they need to target. For convenience,
PowerShell and C# tools can use the .NET Domain class from the
System.DirectoryServices.ActiveDirectory namespace. This class has several
methods that can return a relevant Domain object, including GetComputerDomain()
and GetCurrentDomain(). This


EVILGINX, MEET BITB

Blog / July 27, 2022 / Rasta Mouse

Obligatory disclaimer that I did not come up with any of these techniques – I’m
just combining two awesome ideas by other people. If you’re not familiar with
Evilginx or BITB, here’s a quick recap. Evilginx, created by Kuba Gretzky, is a
man-in-the-middle framework designed to facilitate the capture of credentials
and session cookies. It


Copyright © 2024 Rasta Mouse | Powered by DiagnoSEO WordPress Theme



