-
Notifications
You must be signed in to change notification settings - Fork 99
Home
Smukx ♠ edited this page Jun 13, 2025
·
3 revisions
Welcome to the Rust for Malware Development wiki! This repository provides a comprehensive collection of resources, code snippets, and implementations for malware development techniques using the Rust programming language 🦀, specifically targeting the Windows operating system. Managed by @5mukx, this project is designed for researchers, red teamers, and developers exploring low-level Windows internals and malware techniques.
- Walkthrough
- Malware Techniques
- Encryption Techniques
- Related Blogs
- Download Repository
- Contribution
- Credits/References
| Technique | Description |
|---|---|
| Process Injection | Process injection techniques |
| Process Injection 2 | Additional process injection snippets. |
| Process Ghosting | Process ghosting technique |
| Process Hypnosis | Process hypnosis techniques |
| Process Herpaderping | Process herpaderping |
| Parent Process Spoofing | create a process that appeas as it was spawn a parent process |
| Waiting Thread Hijacking | injection by overwriting the return address of a waiting thread |
| NtCreateUserProcess | Launch processes using NtCreateUserProcess API. |
| Custom Shellcode | Custom Shellcode for Testing. |
| Tartarus Gate | Bypass EDRs by unhooking functions |
| Named Pipes | Interprocess communication using named pipes on Windows. |
| MMAPOPTIONS | Create an anonymous memory map using map_anon() |
| Api Hooking | API Hooking Using Trampoline. |
| PE Analyzer | Extract PE information via CLI. |
| PEB Offset Finder | Find PEB Offsets for sstealth operations |
| BlockHandle | Block handles using SDDL PoC. |
| Dynamic Export Table PEB | Call Windows functions by searching memory. |
| API Hammering | API hammering techniques. |
| Early Cascade Injection | Early-cascade injection PoC in Rust. |
| Encryption Methods | Methods to encrypt and execute payloads. |
| Enumeration | Enumeration modules for efficiency. |
| Malware Samples | Malware based on real-world activities. |
| Metadata Modification | Extract and embed custom metadata in binaries. |
| Keyloggers | Custom keylogger implementations in Rust. |
| DLL Injection | DLL injection in Rust. |
| DLL Injector | Versatile DLL injector in Rust. |
| Code Snippets | Snippets for malware operations. |
| NTAPI Implementation | NTAPI usage snippets. |
| Extract WiFi Passwords | Extract stored WiFi passwords on Windows. |
| Reverse Shell | Client-server reverse shell in Rust. |
| Thread Hijacking | Thread hijacking snippets. |
| Self Deletion | Techniques for self-deleting binaries. |
| Position Independent Series | Position-independent code in Rust. |
| Shellcode Execution | Shellcode execution using WinAPIs. |
| Sleep Obfuscation | Sleep obfuscation implementation. |
| Direct Syscalls | Direct syscall implementation using STUB methods. |
| Indirect Syscalls | Indirect syscall implementation using STUB methods. |
| Parallel Syscalls | Parallel Syscall implementation. |
| BSOD | Triggers a Blue Screen of Death. |
| Persistence | Persistence techniques. |
| UAC Bypass CMSTP | UAC bypass by elevating CMSTP.exe. |
| Malware DSA | Malware using data structures and algorithms. |
| Shellcode Obfuscation | Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats. |
| EDR Checker | Detect EDR tools, AV software, and security applications. |
| Timer | Time-based execution control mechanism. |
| Keylogger Dropper | Downloads and executes keylogger in the background. |
| Rand_Fill | Deletes files and fills disk with random bytes. |
| Encryfer-X | Ransomware combining multiple PoC techniques. |
| GitHub Stealers | Steal credentials using GitHub API. |
| AMSI Byapss | Using hardware breakpoints to intercept and manipulate the AmsiScanBuffer function. |
| Technique | Description |
|---|---|
| AES Encryption | Encrypt/decrypt shellcodes using AES. |
| RC4 Encryption | Encrypt/decrypt shellcodes using RC4. |
| Khufu Encryption | Encrypt/decrypt using Khufu algorithm. |
| Camellia Cipher | Encryption using Camellia cipher. |
| NullxFigure | Parse null bytes into shellcode. |
| A5/1 Cipher | Encrypt shellcode using modified A5/1 cipher. |
| XOR Encryption | Shellcode encryption using XOR. |
| Lucifer Algorithm | Encrypt/decrypt shellcodes using Lucifer algorithm. |
| DFC Algorithm | Encrypt/execute payloads using DFC algorithm. |
| Payload Shuffling | Payload shuffling techniques. |
| ECC Encryption | Encrypt/decrypt shellcodes using ECC. |
| SystemFunction032/033 | Encrypt/decrypt shellcode using undocumented WinAPI. |
- New to Rust? Follow the compilation guide.
- Compile Source Code: See README.
- Clean PoCs Recursively: Use commands.
- Cross-Compilation with Docker: Refer to README.
- Malware Development Essentials Part 1
- Rust for Cybersecurity and Red Teaming
- DLL Injection Using Rust
Download the repository: Link
We welcome contributions to the Rust for Malware Development repository. To contribute, please follow these steps:
- Fork the repository.
- Create a new branch:
git checkout -b <branch_name>. - Make your changes and commit them:
git commit -m '<commit_message>'. - Push your changes to your branch:
git push origin <branch_name>. - Submit a pull request.
If you have any questions about contributing, refer to the GitHub documentation.
I would like to express my sincere gratitude to the creators of remarkable projects and fascinating techniques, who provided me with the tools and inspiration needed to create this extraordinary repository.
Each PoC includes a Credits/Resource section to acknowledge and respect the original creators and their contributions to the community.
- https://ired.team
- https://github.com/microsoft/windows-rs
- https://github.com/retep998/winapi-rs
- https://github.com/MSxDOS/ntapi
- https://github.com/janoglezcampos/rust_syscalls
- https://github.com/rust-osdev/uefi-rs
- https://discord.gg/rust-lang-community
- https://github.com/anvie/litcrypt.rs
- https://balwurk.com/shellcode-evasion-using-webassembly-and-rust
This project is licensed under the MIT License