Skip to content

Whitecat18/Rust-for-Malware-Development

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

318 Commits
AMSI BYPASS
AMSI BYPASS
 
 
Api_Hooking
Api_Hooking
 
 
BSOD
BSOD
 
 
Basics
Basics
 
 
BlockHandle
BlockHandle
 
 
Custom_Shellcode
Custom_Shellcode
 
 
DLL_Injector
DLL_Injector
 
 
Dirty_Vanity
Dirty_Vanity
 
 
Dynamic_Resolver
Dynamic_Resolver
 
 
EDRChecker
EDRChecker
 
 
Early Cascade Injection
Early Cascade Injection
 
 
Encryption Methods
Encryption Methods
 
 
Enumeration
Enumeration
 
 
Evasion/CPU_FAN_DETECTION
Evasion/CPU_FAN_DETECTION
 
 
Exec_Extern
Exec_Extern
 
 
Extract_Shellcode
Extract_Shellcode
 
 
GhostingProcess
GhostingProcess
 
 
Keyloggers
Keyloggers
 
 
Malware-Samples
Malware-Samples
 
 
Malware_Tips
Malware_Tips
 
 
ManualRsrcDataFetching
ManualRsrcDataFetching
 
 
MessageBoxes
MessageBoxes
 
 
Named_Pipe
Named_Pipe
 
 
NtApi
NtApi
 
 
NtCreateUserProcess
NtCreateUserProcess
 
 
NtSockets
NtSockets
 
 
PEB_Offset_finder
PEB_Offset_finder
 
 
Persistence
Persistence
 
 
Process-Injection
Process-Injection
 
 
Process
Process
 
 
Proxy-DLL-Loads
Proxy-DLL-Loads
 
 
Reverse Shell
Reverse Shell
 
 
Self-Deletion-Techniques
Self-Deletion-Techniques
 
 
Sleep_Obfuscations/Ekko
Sleep_Obfuscations/Ekko
 
 
Structs
Structs
 
 
Test_phase
Test_phase
 
 
Threads
Threads
 
 
UUID_Shellcode_Execution
UUID_Shellcode_Execution
 
 
WaitingThreadHijacking
WaitingThreadHijacking
 
 
Windows_Threads
Windows_Threads
 
 
analysis
analysis
 
 
base_addr_locator
base_addr_locator
 
 
dll_injection
dll_injection
 
 
drivers
drivers
 
 
images
images
 
 
keylog_dropper
keylog_dropper
 
 
link_obfuscator
link_obfuscator
 
 
lsass_dump
lsass_dump
 
 
position independent
position independent
 
 
process_hollowing
process_hollowing
 
 
shellcode_exec
shellcode_exec
 
 
stealer/GitHub_API
stealer/GitHub_API
 
 
syscalls
syscalls
 
 
timer
timer
 
 
uac-bypass-cmstp
uac-bypass-cmstp
 
 
CLEAN.md
CLEAN.md
 
 
CNAME
CNAME
 
 
DEPENPENCIES.md
DEPENPENCIES.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
api_hooking.rs
api_hooking.rs
 
 
deps.md
deps.md
 
 
docker.md
docker.md
 
 
evade_vm.rs
evade_vm.rs
 
 
maldev_rust.png
maldev_rust.png
 
 

Repository files navigation

Rust for Malware Development

Rust for Malware Development Logo

Rust for Malware Development

This repository contains source codes of various techniques used by malware authors, red teamers, threat actors, state-sponsored hacking groups etc. These techniques are well-researched and implemented in Rust.

Managed by @5mukx

Language: Rust OS: Windows Maintained: Yes

Table of Contents

Malware Techniques

Technique Description
Process Injection Process injection techniques
Process Injection 2 Additional process injection snippets.
Process Ghosting Process ghosting technique
Process Hypnosis Process hypnosis techniques
Process Herpaderping Process herpaderping
Parent Process Spoofing create a process that appeas as it was spawn a parent process
Waiting Thread Hijacking injection by overwriting the return address of a waiting thread
NtCreateUserProcess Launch processes using NtCreateUserProcess API.
Dirty Vanity Bypass EDR's by executing Shellcode by forking the process
Custom Shellcode Custom Shellcode for Testing.
Tartarus Gate Bypass EDRs by unhooking functions
Recycle Gate Combination of Hells, Halos, Tartarus Gate
Named Pipes Interprocess communication using named pipes on Windows.
MMAPOPTIONS Create an anonymous memory map using map_anon()
Api Hooking API Hooking Using Trampoline.
PE Analyzer Extract PE information via CLI.
PEB Offset Finder Find PEB Offsets for sstealth operations
BlockHandle Block handles using SDDL PoC.
Dynamic Export Table PEB Call Windows functions by searching memory.
API Hammering API hammering techniques.
Early Cascade Injection Early-cascade injection PoC in Rust.
Encryption Methods Methods to encrypt and execute payloads.
Enumeration Enumeration modules for efficiency.
Malware Samples Malware based on real-world activities.
Metadata Modification Extract and embed custom metadata in binaries.
Keyloggers Custom keylogger implementations in Rust.
DLL Injection DLL injection in Rust.
DLL Injector Versatile DLL injector in Rust.
Code Snippets Snippets for malware operations.
NTAPI Implementation NTAPI usage snippets.
Extract WiFi Passwords Extract stored WiFi passwords on Windows.
Reverse Shell Client-server reverse shell in Rust.
Thread Hijacking Thread hijacking snippets.
Self Deletion Techniques for self-deleting binaries.
Position Independent Series Position-independent code in Rust.
Shellcode Execution Shellcode execution using WinAPIs.
Sleep Obfuscation Sleep obfuscation implementation.
Direct Syscalls Direct syscall implementation using STUB methods.
Indirect Syscalls Indirect syscall implementation using STUB methods.
Parallel Syscalls Parallel Syscall implementation.
BSOD Triggers a Blue Screen of Death.
Persistence Persistence techniques.
UAC Bypass CMSTP UAC bypass by elevating CMSTP.exe.
Malware DSA Malware using data structures and algorithms.
Shellcode Obfuscation Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats.
EDR Checker Detect EDR tools, AV software, and security applications.
Timer Time-based execution control mechanism.
Keylogger Dropper Downloads and executes keylogger in the background.
Rand_Fill Deletes files and fills disk with random bytes.
Encryfer-X Ransomware combining multiple PoC techniques.
GitHub Stealers Steal credentials using GitHub API.
AMSI Byapss Techniques AMSI Bypass Techniques.
ManulaRsrcDataFetching function to replace FindResource & LoadResource & LockResource & SizeofResource windows apis.
Anti-VM CPU Fan Detection Find if the system has CPU FAN. Works only on PC.

Encryption Techniques

Technique Description
AES Encryption Encrypt/decrypt shellcodes using AES.
RC4 Encryption Encrypt/decrypt shellcodes using RC4.
XOR Encryption Encrypt/decrypt shellcodes using XOR.
Khufu Encryption Encrypt/decrypt using Khufu algorithm.
ECC Encryption Encrypt/decrypt shellcodes using ECC.
Camellia Cipher Encryption using Camellia cipher.
NullxFigure Parse null bytes into shellcode.
A5/1 Cipher Encrypt shellcode using modified A5/1 cipher.
Madryga Algorithm Encrypt/decrypt shellcodes using Madryga Algorithm.
Lucifer Algorithm Encrypt/decrypt shellcodes using Lucifer algorithm.
DFC Algorithm Encrypt/execute payloads using DFC algorithm.
Payload Shuffling Payload shuffling techniques.
SystemFunction032/033 Encrypt/decrypt shellcode using undocumented WinAPI.

Walkthrough

Related Blogs

Download as .Zip File

Download the repository: Link

Contributing to Rust for Malware Development

We welcome contributions to the Rust for Malware Development repository. To contribute, please follow these steps:

  1. Fork the repository.
  2. Create a new branch: git checkout -b <branch_name>.
  3. Make your changes and commit them: git commit -m '<commit_message>'.
  4. Push your changes to your branch: git push origin <branch_name>.
  5. Submit a pull request.

If you have any questions about contributing, refer to the GitHub documentation.

Credits / References

I would like to express my sincere gratitude to the creators of remarkable projects and fascinating techniques, who provided me with the tools and inspiration needed to create this extraordinary repository.

Each PoC includes a Credits/Resource section to acknowledge and respect the original creators and their contributions to the community.

Other Essential Resources:

License

This project is licensed under the MIT License

About

Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀

maldev.5mukx.site/

Topics

windows rust research proof-of-concept malware rustlang malware-research tips-and-tricks malware-development

Resources

Readme

License

MIT license
Activity

Stars

2.7k stars

Watchers

41 watching

Forks

134 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages