This repository contains source code for various techniques used by real-world malware authors, red teamers, threat actors, state-sponsored hacking groups, etc. These techniques are well researched and implemented in Rust.
Repository managed by @5mukx
Note: These are my own research and implementations, derived from the original authors' work. If you discover any errors in this code, please get in touch or contribute to this repository.
| Technique | Description |
|---|---|
| Process Injection | Process injection techniques using Rust. |
| Process Injection 2 | Process injection code snippet 2. |
| Process Ghosting | Process Ghosting technique written in Rust. |
| Process Hypnosis | Process Hypnosis technique written in Rust. |
| Process Herpaderping | Process Herpaderping written in Rust. |
| BlockHandle | Block handles using SDDL PoC. |
| API Hammering | API hammering techniques. |
| Early Cascade Injection | Early-Cascade Injection PoC written in Rust. |
| Encryption Methods | Methods to encrypt and execute payloads. |
| Enumeration | Enumeration modules to save your time. |
| Malware Samples | Malware written based on real-world activity. |
| Metadata Modification | Extract and embed custom metadata in our binary file. |
| Keyloggers | Custom implementation of keyloggers written in Rust. |
| DLL Injection | DLL injection in Rust. |
| Code Snippet | Helps to perform certain malware operations. |
| NTAPI Implementation | Code snippet showing the use of ntapi. |
| Extract Wifi Passwords | Extract Windows stored Wi-Fi passwords. |
| Reverse Shell Rust | Rust client/server reverse shell. |
| RegShell | Store and execute shellcode in the Registry. |
| Thread Hijacking | Thread hijacking code snippet. |
| Self Delete | Techniques to self-delete a running binary file. |
| Position Independent Series | Position-independent series in Rust. |
| Shellcode Execution Methods | Shellcode execution methods using WinAPI. |
| Sleep Obfuscation | Sleep obfuscation implementation in Rust. |
| Syscalls | Syscall implementation using system call stubs (direct/indirect methods). |
| BSOD | Causes a BSOD when executed. |
| Persistence | Persistence code snippet. |
| UAC Bypass CMSTP | Bypass UAC by elevating CMSTP.exe. |
| Malware DSA | Implementing malware using DSA (Data Structures and Algorithms) concepts. |
| Shellcode Obfuscation | Obfuscate and deobfuscate shellcode using IPv4, IPv6, MAC and UUID formats. |
| EDR Checker | Check for the presence of EDR tools, AV software and other security-related applications on a Windows system. |
| Keylogger Dropper | Downloads a keylogger and sender onto the victim PC and executes them in the background. |
| Rand_Fill | A small parallel program that deletes all files on disk and fills them with random bytes, making the recovery process impossible. |
| Encryfer-X | Ransomware written by combining all possible PoC techniques. |
Manifest dependencies for winapi to test and execute

Copy the dependencies into your Cargo.toml file (the duplicate `synchapi` feature in the original list has been removed; Cargo only needs each feature once):

```toml
[dependencies]
winapi = { version = "0.3.9", features = ["winuser", "setupapi", "dbghelp", "wlanapi", "winnls", "wincon", "fileapi", "sysinfoapi", "fibersapi", "debugapi", "winerror", "wininet", "winhttp", "synchapi", "securitybaseapi", "wincrypt", "psapi", "tlhelp32", "heapapi", "shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi"] }
ntapi = "0.4.1"
```

Tips for Rust beginners: copy and save the dependencies in your Cargo.toml file. Versions may differ; just copy the feature list when testing.
- New to Rust? Please follow the steps here: Compile
- How to compile the source code in this repository: README
- Cross compilation using Docker: README