Rasta Mouse Cheesy Rumbles
Blog / September 6, 2021 / Rasta Mouse
I’m sure the subject of combining D/Invoke with GadgetToJScript has been written about multiple times; but I wanted to throw my hat into the ring with this post. For those who don’t already know, D/Invoke provides (among other things) a means for dynamically invoking unmanaged APIs without using P/Invoke. GadgetToJScript is a spiritual successor to
Blog / July 5, 2021 / Rasta Mouse
In Part 1, we reviewed the very simple VirtualAllocEx/WriteProcessMemory/CreateRemoteThread injection pattern. The two major OPSEC concern(s) that it had was both an RX memory region and an executing thread that were not backed by a module on disk. In this part, we’ll fix the “thread” issue by replacing the use of CreateRemoteThread with QueueUserAPC. The
Blog / June 6, 2021 / Rasta Mouse
This is the first in a short series of posts designed to explore common (remote) process injection techniques and their OPSEC considerations. Each part will introduce a different technique that will address one or more “weaknesses” previously identified. This post will analyse the most classical method of injection – the VirtualAllocEx/WriteProcessMemory/CreateRemoteThread pattern; and assumes the