_RastaMouse
rastamouse.me
@rastamouse.me
Wannabe security guy. Director @ Zero-Point Security.
My alter ego has posted a TAS for the Pokémon Yellow Ash% route. Check it out if you like a bit of retro-gaming.
www.youtube.com/watch?v=SqFU...
Pokemon Yellow Ash% :: 2:27 IGT :: TAS
YouTube video by avatar00000
January 3, 2026 at 9:53 AM
January 2, 2026 at 12:34 AM
I've written a VSCode extension that provides syntax highlighting for Crystal Palace spec files. I'll throw it up on the marketplace if I can figure out how 😅
January 1, 2026 at 8:50 PM
Reposted by _RastaMouse
To wrap up the year, I've published this Havoc extension that enables remote execution of Beacon Object Files (BOFs) using a PIC loader built with Crystal Palace.

github.com/pard0p/Remot...
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
December 31, 2025 at 11:20 AM
Pointer patching (aka 'smartinject') doesn't seem possible when you're IAT hooking APIs like GetProcAddress. The pointer that gets patched is that of the hook function, and not the legit API, which causes the loader to crash.
December 31, 2025 at 12:03 PM
Reposted by _RastaMouse
WinAPI DFR remaps for Crystal Palace to automatically convert Func() to Module$Func(). Goodbye preprocessor macros 👋. github.com/Henkru/cp-df...
GitHub - Henkru/cp-dfr-defs: Dynamic Function Resolution (DFR) definitions for Crystal Palace
December 20, 2025 at 11:02 AM
Reposted by _RastaMouse
Discovering Tradecraft Garden by x.com/jjavierolmedo

hackpuntes.com/posts/explor...

A gentle introduction to the project and specifically using the ./link command & running examples. I'm glad the guardrails example (now follow-on loader agnostic) was called out. It's a waiting gem in the corpus.
December 12, 2025 at 1:57 AM
Posting this because I’m not sure Steve is on this platform. He’s made a CLion template for Crystal Palace.

github.com/0xTriboulet/...
GitHub - 0xTriboulet/emerald_template: A cmake template for crystal palace
December 10, 2025 at 8:30 AM
Reposted by _RastaMouse
Implementing PICOs and allowing for easy development in Rust github.com/laachy/trade...
@raphaelmudge.bsky.social
December 9, 2025 at 12:01 AM
Reposted by _RastaMouse
Seeing is believing. Check out the video to see how version 4.12 makes #CobaltStrike sharper, smarter, and ready for the future. https://linoma.wistia.com/medias/9sku2eat6h
Cobalt Strike 4.12 Video
December 4, 2025 at 7:10 PM
This is a funny trap people often fall into with some programming languages. C# is a good example as it provides features like inheritance, polymorphism, reflection, extensions, overrides, and so on, to abstract classes and their functionalities. But just because you can, doesn’t mean you should.
Now, for the warning--to myself and others:

With these tools, it's easy to sometimes try to find an unneeded architectural elegance and make shit more complicated than it needs to be.

In the prior release, I wanted to use redirect to make the Hooking example modular, but... I could only do 1:1
December 2, 2025 at 8:04 AM
Reposted by _RastaMouse
LibPicoManager is a unified PICO management framework that provides centralized control over PICOs in memory, enabling dynamic code loading, runtime PICO substitution, and advanced evasion techniques like sleep masking through a single RWX code block.

github.com/pard0p/LibPi...
GitHub - pard0p/LibPicoManager: LibPicoManager is a unified PICO management framework that provides centralized control over Position Independent Code Objects in shared memory, enabling dynamic code l...
December 1, 2025 at 11:24 PM
[BLOG]
This update solved a big issue I had with merging raw assembly into PIC. I cover the new linkfunc command and the updated addhook command.
rastamouse.me/pic-symphony/
December 1, 2025 at 8:12 PM
Reposted by _RastaMouse
December 1, 2025 at 4:26 PM
lol nailed it
December 1, 2025 at 4:22 PM
Reposted by _RastaMouse
Tradecraft Orchestration in the Garden

aff-wg.org/2025/12/01/t...

An exercise in building base architectures with Crystal Palace .spec files and configuring/layering specific tradecraft modules over them at link time.
What’s more relaxing than a beautiful fall day, a crisp breeze, a glass of Sangria, and music from the local orchestra? Of course, I expect you answered: writing position-independent code projects …
December 1, 2025 at 2:11 PM
[BLOG]
Cracking the Crystal Palace - detecting in-memory PIC using Crystal Palace's __resolve_hook() intrinsic.
rastamouse.me/cracking-the...
November 29, 2025 at 10:55 PM
Pretending to be a blue teamer today
November 29, 2025 at 3:46 PM
I just had this strange idea... I wrote about modular C2 a while ago, where an implant could be split into multiple parts and loaded into disparate regions of memory across a process.
November 28, 2025 at 11:25 PM
This iteration leverages the power of @raphaelmudge.bsky.social's Crystal Palace ecosystem to build custom evasion tradecraft, and apply it to Beacon, BOFs and post-ex DLLs.
November 28, 2025 at 2:35 PM
The new version of RTO II is finally available to purchase.
www.zeropointsecurity.co.uk/course/red-t...
Red Team Ops II
Gain the knowledge and skills necessary to operate against advanced defences.
November 28, 2025 at 2:30 PM
Reposted by _RastaMouse
@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube.

"Finding Entra ID CA Bypasses - the structured way" @wearetroopers.bsky.social

youtu.be/yYQBeDFEkps
TROOPERS25: Finding Entra ID CA Bypasses - The Structured Way
YouTube video by TROOPERS IT Security Conference
November 27, 2025 at 5:35 AM
I hope Fortra legal don't come after me for this one. I just couldn't resist.
November 24, 2025 at 9:50 PM