Joined August 2023
Rtl Dallas retweeted
Apr 20
Recent supply chain attacks have demonstrated that the most valuable targets are developers 🧑‍💻 In this new blog post, I'll walk you through the full setup of a phishing attack 🎣 (ab)using GitHub OAuth App to gain control over an account! Trusted domains, free infrastructure, social engineering tricks, ... 🌐 blog.atsika.ninja/posts/the-… P.S: I've updated the blog design ✨, hope you enjoy it
Rtl Dallas retweeted
Mar 21
🚨 ProxyBlob update just dropped 🚨 This cute little blob has become even more versatile, as it can now be compiled into WASM 📦 It won't work in your browser, but it will certainly run in JavaScript runtimes such as Node.js, Bun, Deno, etc. 👉 github.com/quarkslab/proxybl…
Rtl Dallas retweeted
Feb 16
🥳 ProxyBlob V2 is now available 🎉 As promised, here is the new version of ProxyBlob, boosted with aznet. Az-what 🤔? This version introduces a new Go module called aznet that allows you to use Azure storage services (not just blobs 😏) as a direct replacement for net.Conn! 🏎️ github.com/Atsika/aznet 🌐 github.com/quarkslab/proxybl… Complete documentation is available in the aznet repo to understand how it works 📚
Huginn Project: Project to generate COFF-format shellcode with API for:
- Indirect syscall API
- Stack Spoofing
- Proxied LoadLibraryA calls

Great for UDRLs, stage0 and OPSEC-conscious shellcode. github.com/NtDallas/Huginn
Rtl Dallas retweeted
Even if stealth wasn't the objective, I still wanted to test the next release during my engagement. I must say that I'm very happy with the costs incurred 💸 This is the result of a large number of actions, which led to a massive DCSync with ~ 20k hashes 🎯
Productive week-end, I think this is going in the right direction 😉 almost there, need to be polished a little more, I like it when it shines ✨
Rtl Dallas retweeted
Playing in the (Tradecraft) Garden of Beacon and finding Eden. Learn how to utilize Crystal Palace, an open source project from Cobalt Strike creator Raphael Mudge, to rapidly combine different capabilities to create novel loaders/PIC tradecraft. cobaltstrike.com/blog/playin…
Hi, I just pushed an update on OdinLdr. I have added an EAF Bypass to resolve function addresses, NtApi calls are now made with indirect syscall and synthetic stackframe. The majority of the code is rewritten to be cleaner. github.com/NtDallas/OdinLdr
Rtl Dallas retweeted
WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it. Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions. Read more ⤵️ ghst.ly/45fPUma

Rtl Dallas retweeted
wrote a quick script to help with generating draugr function hook definitions for usage in crystal palace loaders github.com/ziggoon/draugrgen cc @_RastaMouse
20 Dec 2025
Santa's dropping a new BOF down the chimney! My Christmas gift to RedTeam operators: BOF_ExecuteAssembly github.com/NtDallas/BOF_Exec…
Rtl Dallas retweeted
15 Dec 2025
[RELEASE] As promised, I’m releasing the first blog post in a series. It covers the gaps still present in current stack-based telemetry and how Moonwalking can be extended to evade detection logic and reach “on-exec” memory encryption. Enjoy ;) klezvirus.github.io/posts/Mo…
Rtl Dallas retweeted
Can't use your favorite impacket tools in FAST armored domains? Fear no more! BreakFAST is a small utility to demonstrate how Kerberos FAST armoring can be bypassed without local access to LSASS! Check out the repo: github.com/monsieurPale/Brea…
24 Nov 2025
A new c2 has just appeared today, HavocStrike
24 Nov 2025
Btw, I'm just kidding this CobaltStrike update is really cool :)
22 Nov 2025
New BOF to run native PE in the Cobalt Strike beacon without console allocation or pipe creation. Like BOF_Spawn, this BOF is malleable with proxy/spoof for LoadLibraryA, allocation methods (Heap, VirtualAlloc, Module Stomping) and some other tweaks :) github.com/NtDallas/BOF_RunP…
16 Nov 2025
Damnnn 13gb of memory for cobalt strike (with 1 beacon running in windbg) 🤣
Released my Cobalt Strike BOF for fork & run injection! Features Draugr stack spoofing, PPID spoofing, multiple execution methods, and indirect syscalls for enhanced OpSec. github.com/NtDallas/BOF_Spaw…