Rust-for-Malware-Development

Rust for Malware Development

Rust for Malware Development

This repository contains source codes of various techniques used by malware authors, red teamers, threat actors, state-sponsored hacking groups etc. These techniques are well-researched and implemented in Rust.

Managed by @5mukx

---

Table of Contents

• Walkthrough
• Malware Techniques
• Encryption Techniques
• Related Blogs
• Download Repository
• Contribution
• Credits/References

Malware Techniques

Technique	Description
Process Injection	Process injection techniques
Process Injection 2	Additional process injection snippets.
Process Ghosting	Process ghosting technique
Process Hypnosis	Process hypnosis techniques
Process Herpaderping	Process herpaderping
Parent Process Spoofing	create a process that appeas as it was spawn a parent process
Waiting Thread Hijacking	injection by overwriting the return address of a waiting thread
NtCreateUserProcess	Launch processes using NtCreateUserProcess API.
Dirty Vanity	Bypass EDR’s by executing Shellcode by forking the process
Custom Shellcode	Custom Shellcode for Testing.
Tartarus Gate	Bypass EDRs by unhooking functions
Named Pipes	Interprocess communication using named pipes on Windows.
MMAPOPTIONS	Create an anonymous memory map using map_anon()
Api Hooking	API Hooking Using Trampoline.
PE Analyzer	Extract PE information via CLI.
PEB Offset Finder	Find PEB Offsets for sstealth operations
BlockHandle	Block handles using SDDL PoC.
Dynamic Export Table PEB	Call Windows functions by searching memory.
API Hammering	API hammering techniques.
Early Cascade Injection	Early-cascade injection PoC in Rust.
Encryption Methods	Methods to encrypt and execute payloads.
Enumeration	Enumeration modules for efficiency.
Malware Samples	Malware based on real-world activities.
Metadata Modification	Extract and embed custom metadata in binaries.
Keyloggers	Custom keylogger implementations in Rust.
DLL Injection	DLL injection in Rust.
DLL Injector	Versatile DLL injector in Rust.
Code Snippets	Snippets for malware operations.
NTAPI Implementation	NTAPI usage snippets.
Extract WiFi Passwords	Extract stored WiFi passwords on Windows.
Reverse Shell	Client-server reverse shell in Rust.
Thread Hijacking	Thread hijacking snippets.
Self Deletion	Techniques for self-deleting binaries.
Position Independent Series	Position-independent code in Rust.
Shellcode Execution	Shellcode execution using WinAPIs.
Sleep Obfuscation	Sleep obfuscation implementation.
Direct Syscalls	Direct syscall implementation using STUB methods.
Indirect Syscalls	Indirect syscall implementation using STUB methods.
Parallel Syscalls	Parallel Syscall implementation.
BSOD	Triggers a Blue Screen of Death.
Persistence	Persistence techniques.
UAC Bypass CMSTP	UAC bypass by elevating CMSTP.exe.
Malware DSA	Malware using data structures and algorithms.
Shellcode Obfuscation	Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats.
EDR Checker	Detect EDR tools, AV software, and security applications.
Timer	Time-based execution control mechanism.
Keylogger Dropper	Downloads and executes keylogger in the background.
Rand_Fill	Deletes files and fills disk with random bytes.
Encryfer-X	Ransomware combining multiple PoC techniques.
GitHub Stealers	Steal credentials using GitHub API.
AMSI Byapss	Using hardware breakpoints to intercept and manipulate the AmsiScanBuffer function.

Encryption Techniques

Technique	Description
AES Encryption	Encrypt/decrypt shellcodes using AES.
RC4 Encryption	Encrypt/decrypt shellcodes using RC4.
Khufu Encryption	Encrypt/decrypt using Khufu algorithm.
Camellia Cipher	Encryption using Camellia cipher.
NullxFigure	Parse null bytes into shellcode.
A5/1 Cipher	Encrypt shellcode using modified A5/1 cipher.
XOR Encryption	Shellcode encryption using XOR.
Lucifer Algorithm	Encrypt/decrypt shellcodes using Lucifer algorithm.
DFC Algorithm	Encrypt/execute payloads using DFC algorithm.
Payload Shuffling	Payload shuffling techniques.
ECC Encryption	Encrypt/decrypt shellcodes using ECC.
SystemFunction032/033	Encrypt/decrypt shellcode using undocumented WinAPI.

Walkthrough

• New to Rust? Follow the compilation guide.
• Compile Source Code: See README.
• Clean PoCs Recursively: Use commands.
• Cross-Compilation with Docker: Refer to README.

Related Blogs

• Malware Development Essentials Part 1
• Rust for Cybersecurity and Red Teaming
• DLL Injection Using Rust

Download as .Zip File

Download the repository: Link

Contributing to Rust for Malware Development

We welcome contributions to the Rust for Malware Development repository. To contribute, please follow these steps:

1. Fork the repository.
2. Create a new branch: git checkout -b <branch_name>.
3. Make your changes and commit them: git commit -m '<commit_message>'.
4. Push your changes to your branch: git push origin <branch_name>.
5. Submit a pull request.

If you have any questions about contributing, refer to the GitHub documentation.

Credits / References

I would like to express my sincere gratitude to the creators of remarkable projects and fascinating techniques, who provided me with the tools and inspiration needed to create this extraordinary repository.

• MemN0ps
• hasherezade
• vxunderground
• NUL0x4C
• mrd0x
• Cracked5pider
• trickster0
• João Victor
• Maldev-Academy

Each PoC includes a Credits/Resource section to acknowledge and respect the original creators and their contributions to the community.

Other Essential Resources:

• https://ired.team
• https://github.com/microsoft/windows-rs
• https://github.com/retep998/winapi-rs
• https://github.com/MSxDOS/ntapi
• https://github.com/janoglezcampos/rust_syscalls
• https://github.com/rust-osdev/uefi-rs
• https://discord.gg/rust-lang-community
• https://github.com/anvie/litcrypt.rs
• https://balwurk.com/shellcode-evasion-using-webassembly-and-rust

License

This project is licensed under the MIT License

This site is open source. Improve this page.