Rasta Mouse
20.4K posts

Rasta Mouse
@_RastaMouse
Be kind, be brave, be principled.
Joined January 2012
300 Following 48.4K Followers

Oh @OutflankNL, I wouldn't bother entering the Eurovision this year... UK already has this won!! youtube.com/watch?v=xnls0L…

Rasta Mouse retweeted

Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

Rasta Mouse retweeted

@MDSecLabs will be running our Red Team Capability Training out in #BlackHatUSA26 again this year. This year the course features a big refresh, with a bunch of new additions on the latest evolving techniques!
Early bird discounts end this month! @BlackHatEvents
blackhat.com/us-26/training…

Rasta Mouse retweeted

35+ non-Office file formats fully weaponized & obfuscated by the OST Builder - coming soon! So many ways to run your shellcodes. This release becomes my hello world to the OST family 👋
Outflank @OutflankNL
New release: kicking off Red Macros Factory integration into OST by @OutflankNL researcher @mariuszbit! ⚙️ Builder tool now ships with better script payload gen, obfuscation, guardrails, LNK tradecraft, and new conversion paths. More formats and payload shenanigans coming soon!

FWIW, @metasploit made an update to how ror13 hashes are calculated for the first time in (I think?) over a decade to address some limitations in the block API we were running into.
Rasta Mouse @_RastaMouse
Created a small .NET tool for ROR13 hashing that you can install to add a global command to cmd/pwsh. It's a lifesaver if you just need some quick hashes.
Rasta Mouse retweeted

A while back @harmj0y released Koh, which keeps logon sessions alive after a user logs off - letting an attacker reuse their credentials after the session ended.
Poking around today - I found event 6182 in the LSASRV ETW provider, which fires when this is detected.
This is a timer-based event, not real-time, with the default timer being set to 30 seconds after logoff





@0xTriboulet @kaylahaas smh, everyone knows we're on the back of a giant space turtle.
Rasta Mouse retweeted

Upcoming maintenance update: Change in our backend infrastructure that affects automated downloads of the Cobalt Strike Distribution Package. Get more info: cobaltstrike.com/blog/cobalt-st…

Rasta Mouse retweeted

Finally had time to add EtwInspector to the PSGallery! Check it out.
PSGallery: powershellgallery.com/packages/EtwIn…
GitHub: github.com/jonny-jhnson/E…


@jarmarz @_RastaMouse Labour is the name of a threat actor group based in the UK
Rasta Mouse retweeted

Modern C2 implants use sleep masking & metamorphic code to stay hidden. We’re revealing how to unmask them using low-level runtime telemetry (ETW & CPU profiling) live in production including a POC with a lightweight sensor.
My team will be presenting our research at x33fcon:
x33fcon.com/#!s/SebastianF…

Rasta Mouse retweeted

If you came to SOCON, you may have seen the fireside chat on Ouroboros (if you weren't too busy counting my "urm"s 😝). The blog post is now live, detailing how we can use Dev-Tunnels for lateral movement, and allow pivoting from GitHub/Entra ID access. specterops.io/blog/2026/05/0…

@_RastaMouse I won't post the link in public, but there is also another place that leaks RTO.