This repository contains Rust source code for techniques used by malware authors, red teamers, threat actors, state-sponsored hacking groups and others. Each technique is researched and implemented in Rust.
Managed by @5mukx
| Technique | Description |
|---|---|
| Process Injection | Process injection techniques |
| Process Injection 2 | Additional process injection snippets. |
| Process Ghosting | Process ghosting: create the image section from a file already marked for deletion, so no file backs the running process. |
| Process Hypnosis | Process hypnosis: injection into a debuggee via the Windows debug API. |
| Process Herpaderping | Process herpaderping: modify the on-disk image after the section is created but before the process starts, so scanners see a different file. |
| Waiting Thread Hijacking | Injection by overwriting the return address on the stack of a thread blocked in a wait state. |
| NtCreateUserProcess | Launch processes using NtCreateUserProcess API. |
| Named Pipes | Interprocess communication using named pipes on Windows. |
| API Hooking | API hooking using an inline trampoline. |
| PE Analyzer | Extract PE information via CLI. |
| BlockHandle | Block handles using SDDL PoC. |
| Dynamic Export Table PEB | Resolve Windows API addresses at runtime by walking the PEB module list and parsing export tables, avoiding static imports. |
| API Hammering | API hammering techniques. |
| Early Cascade Injection | Early-cascade injection PoC in Rust. |
| Encryption Methods | Methods to encrypt and execute payloads. |
| Enumeration | Enumeration modules for efficiency. |
| Malware Samples | Malware based on real-world activities. |
| Metadata Modification | Extract and embed custom metadata in binaries. |
| Keyloggers | Custom keylogger implementations in Rust. |
| DLL Injection | DLL injection in Rust. |
| DLL Injector | Versatile DLL injector in Rust. |
| Code Snippets | Snippets for malware operations. |
| NTAPI Implementation | NTAPI usage snippets. |
| Extract WiFi Passwords | Extract stored WiFi passwords on Windows. |
| Reverse Shell | Client-server reverse shell in Rust. |
| Thread Hijacking | Thread hijacking snippets. |
| Self Deletion | Techniques for self-deleting binaries. |
| Position Independent Series | Position-independent code in Rust. |
| Shellcode Execution | Shellcode execution using WinAPIs. |
| Sleep Obfuscation | Sleep obfuscation implementation. |
| Direct Syscalls | Direct syscalls: hand-written stubs that execute the `syscall` instruction from the binary's own memory. |
| Indirect Syscalls | Indirect syscalls: stubs that jump to the `syscall` instruction inside ntdll.dll, so the call appears to originate from ntdll. |
| BSOD | Triggers a Blue Screen of Death. |
| Persistence | Persistence techniques. |
| UAC Bypass CMSTP | UAC bypass via the auto-elevating CMSTP.exe binary. |
| Malware DSA | Malware using data structures and algorithms. |
| Shellcode Obfuscation | Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats. |
| EDR Checker | Detect EDR tools, AV software, and security applications. |
| Timer | Time-based execution control mechanism. |
| Keylogger Dropper | Downloads and executes keylogger in the background. |
| Rand_Fill | Deletes files and fills disk with random bytes. |
| Encryfer-X | Ransomware combining multiple PoC techniques. |
| GitHub Stealers | Steal credentials using GitHub API. |
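The Shellcode Obfuscation row above covers storing shellcode as IPv4 and UUID strings. The following is an added example, not code from this repository: it encodes raw bytes as dotted-quad and UUID literals and decodes them back, using only the Rust standard library. The sample bytes are constructed (a few common x64 prologue bytes plus padding), not a working payload, and the UUID form uses plain big-endian hex order rather than the mixed-endian layout `UuidFromStringA` expects, so it is a storage format here, not a drop-in for that API.

```rust
// Added example: shellcode <-> IPv4 / UUID string obfuscation (stdlib only).

/// Encode bytes as dotted-quad IPv4 strings, 4 bytes per string.
/// The payload is zero-padded to a multiple of 4 so decoding stays aligned;
/// the original length is returned so the caller can strip the padding.
pub fn to_ipv4(shellcode: &[u8]) -> (Vec<String>, usize) {
    let mut padded = shellcode.to_vec();
    while padded.len() % 4 != 0 {
        padded.push(0);
    }
    let addrs = padded
        .chunks(4)
        .map(|c| format!("{}.{}.{}.{}", c[0], c[1], c[2], c[3]))
        .collect();
    (addrs, shellcode.len())
}

/// Decode dotted-quad strings back to bytes, truncating to the original length.
pub fn from_ipv4(addrs: &[String], len: usize) -> Result<Vec<u8>, String> {
    let mut out = Vec::with_capacity(addrs.len() * 4);
    for a in addrs {
        let octets: Vec<&str> = a.split('.').collect();
        if octets.len() != 4 {
            return Err(format!("malformed IPv4 literal: {a}"));
        }
        for o in octets {
            out.push(o.parse::<u8>().map_err(|e| format!("{a}: {e}"))?);
        }
    }
    out.truncate(len);
    Ok(out)
}

/// Encode bytes as UUID strings, 16 bytes per string (8-4-4-4-12 hex groups).
pub fn to_uuid(shellcode: &[u8]) -> (Vec<String>, usize) {
    let mut padded = shellcode.to_vec();
    while padded.len() % 16 != 0 {
        padded.push(0);
    }
    let uuids = padded
        .chunks(16)
        .map(|c| {
            let hex: String = c.iter().map(|b| format!("{b:02x}")).collect();
            format!(
                "{}-{}-{}-{}-{}",
                &hex[0..8], &hex[8..12], &hex[12..16], &hex[16..20], &hex[20..32]
            )
        })
        .collect();
    (uuids, shellcode.len())
}

/// Decode UUID strings back to bytes, truncating to the original length.
pub fn from_uuid(uuids: &[String], len: usize) -> Result<Vec<u8>, String> {
    let mut out = Vec::with_capacity(uuids.len() * 16);
    for u in uuids {
        let hex: String = u.chars().filter(|c| *c != '-').collect();
        if hex.len() != 32 {
            return Err(format!("malformed UUID literal: {u}"));
        }
        for i in (0..32).step_by(2) {
            let byte = u8::from_str_radix(&hex[i..i + 2], 16)
                .map_err(|e| format!("{u}: {e}"))?;
            out.push(byte);
        }
    }
    out.truncate(len);
    Ok(out)
}

/// Constructed sample bytes for the demo (not a working payload).
pub const SAMPLE: [u8; 9] = [0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00];

fn main() {
    let (ips, n) = to_ipv4(&SAMPLE);
    println!("IPv4 form: {:?}", ips);
    assert_eq!(from_ipv4(&ips, n).unwrap(), SAMPLE);
    let (uuids, n) = to_uuid(&SAMPLE);
    println!("UUID form: {:?}", uuids);
    assert_eq!(from_uuid(&uuids, n).unwrap(), SAMPLE);
}
```

The encoded strings are what would be embedded in the binary; the decoder runs at load time. Note that this is obfuscation, not encryption: the strings are a trivially reversible encoding, and a scanner that decodes IPv4/UUID string arrays recovers the bytes directly.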
| Encryption Method | Description |
|---|---|
| AES Encryption | Encrypt/decrypt shellcodes using AES. |
| RC4 Encryption | Encrypt/decrypt shellcodes using RC4. |
| Khufu Encryption | Encrypt/decrypt using Khufu algorithm. |
| Camellia Cipher | Encryption using Camellia cipher. |
| NullxFigure | Parse null bytes into shellcode. |
| A5/1 Cipher | Encrypt shellcode using modified A5/1 cipher. |
| XOR Encryption | Shellcode encryption using XOR. |
| Lucifer Algorithm | Encrypt/decrypt shellcodes using Lucifer algorithm. |
| DFC Algorithm | Encrypt/execute payloads using DFC algorithm. |
| Payload Shuffling | Payload shuffling techniques. |
| ECC Encryption | Encrypt/decrypt shellcodes using ECC. |
| SystemFunction032/033 | Encrypt/decrypt shellcode using the undocumented SystemFunction032/033 WinAPI (an RC4 implementation). |
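Two rows in this table, RC4 Encryption and SystemFunction032/033, come down to the same primitive: RC4 key scheduling plus a keystream XORed over the shellcode. The following is an added example, not code from this repository: a standalone RC4 in safe Rust (the same algorithm SystemFunction032 exposes, without the Windows dependency), alongside the repeating-key XOR from the XOR Encryption row and a small function showing why XOR is only obfuscation. The key and sample bytes are constructed for illustration.

```rust
// Added example: RC4 (KSA + PRGA) and repeating-key XOR for shellcode, stdlib only.

/// RC4 cipher state after key scheduling.
pub struct Rc4 {
    s: [u8; 256],
    i: u8,
    j: u8,
}

impl Rc4 {
    /// Key-scheduling algorithm: permute S using the key (1..=256 bytes).
    pub fn new(key: &[u8]) -> Rc4 {
        assert!(!key.is_empty() && key.len() <= 256, "RC4 key must be 1..=256 bytes");
        let mut s = [0u8; 256];
        for (k, v) in s.iter_mut().enumerate() {
            *v = k as u8;
        }
        let mut j: u8 = 0;
        for i in 0..256 {
            j = j.wrapping_add(s[i]).wrapping_add(key[i % key.len()]);
            s.swap(i, j as usize);
        }
        Rc4 { s, i: 0, j: 0 }
    }

    /// Pseudo-random generation: XOR the keystream into `data` in place.
    /// Encryption and decryption are the same operation, so a fresh Rc4
    /// built from the same key reverses it (this is what SystemFunction032
    /// does when called twice with the same key).
    pub fn apply(&mut self, data: &mut [u8]) {
        for b in data.iter_mut() {
            self.i = self.i.wrapping_add(1);
            self.j = self.j.wrapping_add(self.s[self.i as usize]);
            self.s.swap(self.i as usize, self.j as usize);
            let idx = self.s[self.i as usize].wrapping_add(self.s[self.j as usize]);
            *b ^= self.s[idx as usize];
        }
    }
}

/// Convenience wrapper: RC4-encrypt (or decrypt) a buffer with `key`.
pub fn rc4_encrypt(key: &[u8], data: &[u8]) -> Vec<u8> {
    let mut out = data.to_vec();
    Rc4::new(key).apply(&mut out);
    out
}

/// Repeating-key XOR, the simplest scheme in the table. Symmetric as well.
pub fn xor_key(key: &[u8], data: &[u8]) -> Vec<u8> {
    data.iter().zip(key.iter().cycle()).map(|(d, k)| d ^ k).collect()
}

/// Why XOR is obfuscation rather than encryption: given `key_len` known
/// plaintext bytes (a standard shellcode prologue, for instance) the key
/// falls out directly as plaintext XOR ciphertext.
pub fn recover_xor_key(known_pt: &[u8], ct: &[u8], key_len: usize) -> Vec<u8> {
    (0..key_len).map(|i| known_pt[i] ^ ct[i]).collect()
}

fn main() {
    // Constructed sample bytes (not a working payload) and a constructed key.
    let shellcode = [0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00];
    let key = b"constructed-key";

    let ct = rc4_encrypt(key, &shellcode);
    println!("RC4 ciphertext: {:02x?}", ct);
    assert_eq!(rc4_encrypt(key, &ct), shellcode.to_vec());

    let xct = xor_key(b"k3y", &shellcode);
    println!("XOR ciphertext: {:02x?}", xct);
    println!("recovered XOR key: {:?}", String::from_utf8_lossy(&recover_xor_key(&shellcode, &xct, 3)));
}
```

RC4 here is keyed directly with the raw key bytes, matching how SystemFunction032 is normally used; in both cases the key has to be present in the binary (or fetched at runtime) for the payload to run, so the scheme protects against static signatures, not against an analyst with the sample.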
- New to Rust? Follow the compilation guide.
- Compile Source Code: See README.
- Clean PoCs Recursively: Use commands.
- Cross-Compilation with Docker: Refer to README.
- Malware Development Essentials Part 1
- Rust for Cybersecurity and Red Teaming
- DLL Injection Using Rust
Download the repository: Link
For further projects and fixes, contact me by email: smukx@5mukx.site or via Twitter: @5mukx.