Some Rust programs I wrote while learning malware development
- Simple program to monitor the clipboard for changes and either log them or copy the file, depending on the situation
- Impersonates user tokens and creates processes with elevated SYSTEM privileges
- Reference:
- Simple example of heap encryption
- Reference:
- Rust code that attempts to detect userland API hooks placed by AV/EDR
- Uses the Windows thread pool API to proxy the loading and unloading of a DLL through an I/O completion callback function, utilizing named pipes
- Reference:
- Spawns a process with NtCreateUserProcess, with DLL blocking and PPID spoofing
- Reference:
- AMSI bypass with hardware breakpoints (HWBP), so no hooks in memory
- Reference:
- Improved version of PatchlessAmsiBypass: patches ETW + AMSI on all threads
- Reference:
- Deletes a currently running file from disk
- Reference:
- Leverages NTAPI to grab NTDLL for unhooking without triggering "PspCreateProcessNotifyRoutine"
- Reference:
- Shuffles & encrypts the stack and sleeps using indirect syscalls to NtDelayExecution
- Reference:
- Rust implementation of the Perun's Fart technique
- Uses NtCreateUserProcess; both local and remote can be done with this program
- Reference:
- USB monitoring for new devices, displaying info about the devices
- Leverages the VEH (Vectored Exception Handler) to modify the thread context, in particular the RIP register to redirect execution to LoadLibraryA, and RCX to hold LoadLibraryA's argument (the module name).
- To trigger the exception, VirtualProtect is used to set the page to PAGE_GUARD, thus raising STATUS_GUARD_PAGE_VIOLATION
- Reference:
- Alternatives to the whoami command leveraging uncommon Win32 APIs (these are not present in WhoIsWho or WhoamiAlternatives)