unSafe.sh - Unsafe
Modular PIC C2 Agents (reprise)
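This article describes how to build modular C2 agents by merging COFF files, using new Crystal Palace features to simplify the development workflow. The make coff and merge commands combine multiple COFFs into a single self-contained binary, which can also be exported as a PICO for use by a reflective loader. Future plans include exploring the Java API for building functionality more programmatically. ...
2025-9-12 22:27:47 | Reads: 7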
Rasta Mouse - rastamouse.me
coff
loader
pico
merged
reflective
Debugging the Tradecraft Garden
This article describes a way to develop Crystal Palace and Tradecraft Garden projects with VS Code through WSL on Windows, and shares experience with producing debug builds that support debugging in WinDbg. ...
2025-7-25 11:14:7 | Reads: 17
Rasta Mouse - rastamouse.me
loader
windows
vscode
tcg
pico
Modular PIC C2 Agents
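This article describes how the Crystal Palace framework uses PICOs (position-independent code objects) to build modular C2 agents. Unlike a traditional single rDLL or PIC blob, Crystal Palace allows an agent to be split into multiple independent PICOs, each responsible for a specific function. The article shows how to load and execute multiple PICOs through a reflective loader, with support for dynamically patching data for added flexibility and functionality. ...
2025-7-20 12:24:15 | Reads: 21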
Rasta Mouse - rastamouse.me
pico
loader
msgbox
funcs
picos
Harvesting the Tradecraft Garden - Part 2
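This article describes how to generate a custom reflective loader with Cobalt Strike, obtaining GetModuleHandle and GetProcAddress pointers through the POSTEX_RDLL_GENERATE hook to avoid walking the export address table (EAT). It also details how to modify the loader for compatibility with Cobalt Strike, and shows how to handle the .rdata section and call the DLL entry point. ...
2025-6-10 20:36:48 | Reads: 19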
Rasta Mouse - rastamouse.me
rdata
loader
postex
sectionhdr
rdll
Harvesting the Tradecraft Garden
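This article introduces Raphael Mudge's Tradecraft Garden project and its components, Crystal Palace and The Garden. It details how to integrate these tools into Cobalt Strike to generate custom payloads, and discusses the implications for PIC loader development. ...
2025-6-8 01:41:5 | Reads: 22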
Rasta Mouse - rastamouse.me
beacon
loader
payload
rdll
palace
Kerberoasting w/o the TGS-REQ
Kerberoasting is a technique that allows an attacker to extract the encrypted part of a...
2025-3-5 16:44:58 | Reads: 9
Rasta Mouse - rastamouse.me
contoso
mssqlsvc
lon
rubeus
pchilds
Cobalt Strike Postex Kit
2024-12-9 01:8:52 | Reads: 31
Rasta Mouse - rastamouse.me
postex
beacon
postexmain
rdll
jid
UDRL, SleepMask, and BeaconGate
2024-11-30 09:54:48 | Reads: 43
Rasta Mouse - rastamouse.me
beacon
memory
udrl
stage
Crystal Malware
2024-8-2 00:32:14 | Reads: 15
Rasta Mouse - rastamouse.me
Kerberos Delegation Test App
Blog /May 11, 2024 /I have been quietly working on...
2024-5-12 00:7:26 | Reads: 14
Rasta Mouse - rastamouse.me
hades
negotiate
contoso
Custom Beacon Artifacts
Blog /May 7, 2024 /If you’re an experienced Cobalt...
2024-5-7 19:55:29 | Reads: 97
Rasta Mouse - rastamouse.me
shellcode
phear
payload
artifact
memory
YARP as a C2 Redirector
Blog /March 9, 2024 /YARP: Yet Another Reverse Prox...
2024-3-10 00:45:5 | Reads: 63
Rasta Mouse - rastamouse.me
yarp
nickelviper
c2
teamserver
clusterid
ANYSIZE_ARRAY in C#
Blog /January 29, 2024 /There are multiple struc...
2024-1-30 02:6:55 | Reads: 24
Rasta Mouse - rastamouse.me
kerb
tkt
memory
ticketptr
SafeHandle vs IntPtr
Blog /January 6, 2024 /C# is a popular language in...
2024-1-7 01:32:34 | Reads: 21
Rasta Mouse - rastamouse.me
htoken
closehandle
hduptoken
safehandle
Cobalt Strike Aggressor Callbacks
Blog /October 3, 2023 /The Cobalt Strike 4.9 rel...
2023-10-4 04:1:28 | Reads: 39
Rasta Mouse - rastamouse.me
beacon
bps
128392
1u6ahiu
179184
Building a (slightly) better Melkor
Blog /September 6, 2023 /Melkor is a C# POC written...
2023-9-6 23:44:37 | Reads: 21
Rasta Mouse - rastamouse.me
omod
appdomain
bmod
memory
oplaintext
C# Source Generators
Blog /July 2, 2023 /IntroductionC# Source Gener...
2023-7-3 01:41:52 | Reads: 44
Rasta Mouse - rastamouse.me
consoleapp
uris
sourcecode
itemgroup
SharpC2: HTTPS with Redirector
Blog /April 4, 2023 /This post will demonstrate how...
2023-4-5 04:21:41 | Reads: 33
Rasta Mouse - rastamouse.me
nickelviper
sharpc2
ec2
certbot
ssh
.NET Startup Hooks
Blog /January 2, 2023 /tl;drSince .NET Core 3,...
2023-1-3 05:31:0 | Reads: 72
Rasta Mouse - rastamouse.me
demoapp
shellcode
startuphook
client
marshal
Token Impersonation in C#
Blog /December 16, 2022 /This post was inspired by...
2022-12-17 00:8:31 | Reads: 54
Rasta Mouse - rastamouse.me
upvrp0cv3cv
htoken
writeline
impersonate