Tradecraft Garden
Community Pavilion
This page is a collection of community blog posts and projects related to the Tradecraft Garden.
Projects
- Crystal Kit by Rasta Mouse experiment to replace Cobalt Strike's evasion primitives (Sleepmask/BeaconGate) with Crystal Palace PIC(O)s
(GPL) - Crystal-Loaders by Rasta Mouse A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
(GPL) - execute-assembly PICO by Callum Murphy-Hale implements CLR hosting to execute a .NET assembly in memory.
(GPL) - Hardware Breakpoint PICO by Callum Murphy-Hale Demonstrates how to hook a function with a HWBP
(GPL)
Shared Libraries
- LibCPLest by Callum Murphy-Hale A shared library for Crystal Palace that allows you to unit test your PICOs.
(GPL) - LibTP by Rasta Mouse Crystal Palace library for proxying Nt API calls via the Threadpool
(MIT)
Blog Posts
- Harvesting the Tradecraft Garden - Part 1 by Rasta Mouse
- Harvesting the Tradecraft Garden - Part 2 by Rasta Mouse
- Modular PIC C2 Agents by Rasta Mouse
- Debugging the Tradecraft Garden by Rasta Mouse
- Modular PIC C2 Agents (reprise) by Rasta Mouse
- Crystal Palace API by Rasta Mouse
- Crystal Kit by Rasta Mouse
Other Related Works
- WMD 4 - PIC or it didn't happen by Dahvid Schloss (Just Hacking Training)