This repository contains source code for various techniques used by real-world malware authors, red teamers, threat actors, state-sponsored hacking groups, etc. These techniques are well researched and implemented in Rust.
Repository managed by @5mukx
Note: These are my own research and implementations, derived from the original authors' work. If you discover any errors in this code, please contact me or contribute to this repository.
- Encryption Methods: Methods to Encrypt and Execute Payloads.
- Process Injection: Process Injection Techniques using Rust.
- Malware Samples: Written malwares based on Real world activities.
- Early Cascade Injection: Early Cascade Injection POC written in Rust.
- Process Ghosting: Process Ghosting Technique Written in Rust.
- Metadata Modification: Extract and Embed custom metadata to our Binary File.
- Enumeration: Enumeration Modules to save your time.
- Keyloggers: Custom Implementation of Keyloggers written in Rust.
- Keylogger Dropper: Downloads the keylogger and sender on the victim PC and executes them in the background.
- DLL Injection: DLL injection in Rust.
- Code Snippet: Helps to perform certain malware operations.
- NTAPI Implementation: Code snippet of using ntapi.
- Extract Wifi Passwords: Extract Windows Stored Wifi Passwords.
- Reverse Shell Rust: Rust Client Server Reverse Shell.
- RegShell: Store and Execute shellcode in Registry.
- Thread Hijacking: Thread Hijacking code Snippet.
- Shellcode Obfuscation: Obfuscate and deobfuscate shellcode using IPv4, IPv6, MAC and UUID formats.
- Self Delete: Techniques to self-delete a running binary file.
- Position Independent Series: Position independent series in Rust.
- Shellcode Execution Methods: Shellcode execution methods using WinAPIs.
- API Hammering: API Hammering techniques.
- Sleep Obfuscation: Sleep Obfuscation implementation in Rust.
- Syscalls: Syscall Implementation using system call STUB [Direct/Indirect] methods.
- BSOD: Causes BSOD when Executing.
- Persistence: Persistence Code Snippet.
- Rand_Fill: A Small Parallel Program that Deletes All Files on Disk and Fills with Random Bytes, Making the Recovery Process Impossible.
- UAC Bypass CMSTP: Bypass UAC by elevating CMSTP.exe
- Process Injection 2: Process Injection Code Snippet 2.
- Malware DSA: Implementing malwares using DSA (Data Structures and Algorithms) Concept.
- EDR Checker: Checks for the presence of EDR tools, AV software, and other security-related applications on a Windows system.
- Encryfer-X: Ransomware written by combining all Possible POC techniques.
Manifest dependencies for winapi to test and execute

Copy the dependencies into your Cargo.toml file (the duplicated `synchapi` feature entry has been removed):

```toml
[dependencies]
winapi = { version = "0.3.9", features = ["winuser","setupapi","dbghelp","wlanapi","winnls","wincon","fileapi","sysinfoapi", "fibersapi","debugapi","winerror", "wininet" , "winhttp" ,"synchapi","securitybaseapi","wincrypt","psapi", "tlhelp32", "heapapi","shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi"] }
ntapi = "0.4.1"
```
Tips for Rust beginners: Copy and save the dependencies in your Cargo.toml file. Versions may differ; just copy the features when testing.