Home
Welcome to the Rust for Malware Development wiki! This repository provides a comprehensive collection of resources, code snippets, and implementations for malware development techniques using the Rust programming language 🦀, specifically targeting the Windows operating system. Managed by @5mukx, this project is designed for researchers, red teamers, and developers exploring low-level Windows internals and malware techniques.
This repository serves as a knowledge base and coding resource for implementing various malware techniques in Rust. It covers well-researched methods used by malware authors, threat actors, and state-sponsored groups, all implemented with Rust's safety and performance benefits. The code is tailored for Windows, leveraging libraries like the `windows` crate for low-level system interactions.
The repository includes:
- Source code for malware techniques such as process injection, thread hijacking, and shellcode execution.
- Encryption methods for obfuscating and protecting payloads.
- Tools for enumeration, persistence, and system manipulation.
- Proof-of-concept (PoC) implementations for educational and research purposes.
Note: This repository is for educational and research purposes only. Misuse of the provided code for malicious activities is strictly prohibited.
The repository includes a wide range of malware techniques implemented in Rust. Below is a summary of key techniques:
Technique | Description |
---|---|
Process Injection | Inject code into running processes using various methods. |
Process Ghosting | Create processes that evade detection. |
Process Herpaderping | Manipulate process creation to bypass security controls. |
Parent Process Spoofing | Spawn processes with falsified parent process IDs. |
Thread Hijacking | Overwrite thread return addresses for code execution. |
NtCreateUserProcess | Launch processes using the NtCreateUserProcess API. |
API Hooking | Intercept and modify Windows API calls using trampoline methods. |
Shellcode Execution | Execute shellcode via Windows APIs. |
Keyloggers | Implement custom keyloggers for capturing keystrokes. |
Reverse Shell | Create client-server reverse shells for remote access. |
Persistence | Establish persistence mechanisms on Windows systems. |
UAC Bypass CMSTP | Elevate privileges by exploiting CMSTP.exe. |
EDR Checker | Detect Endpoint Detection and Response (EDR) tools and AV software. |
Encryfer-X | PoC ransomware combining multiple techniques. |
For a complete list, refer to the README.
The repository provides various encryption methods to secure and obfuscate payloads, including:
Technique | Description |
---|---|
AES Encryption | Encrypt and decrypt shellcode using AES. |
RC4 Encryption | Use RC4 for lightweight encryption. |
XOR Encryption | Simple yet effective shellcode encryption. |
Camellia Cipher | Implement the Camellia cipher for secure encryption. |
ECC Encryption | Use Elliptic Curve Cryptography for payload protection. |
SystemFunction032/033 | Leverage undocumented Windows APIs for encryption. |
These methods are designed to protect payloads and evade detection. See the README for details.
To use this repository, follow these steps:
- Clone the Repository:

  ```
  git clone https://github.com/Whitecat18/Rust-for-Malware-Development.git
  cd Rust-for-Malware-Development
  ```

- Install Rust: Ensure you have the Rust toolchain installed. Follow the instructions at rust-lang.org.

- Build and Run: Navigate to a specific technique's folder and build the project:

  ```
  cargo build --release
  cargo run
  ```

- Explore the Code: Each folder contains a specific technique with its own `README.md` explaining the implementation and usage.
System Requirements:
- Operating System: Windows (tested on Windows 10/11)
- Rust: Latest stable version
- Cargo: Included with Rust
We welcome contributions to enhance the repository! To contribute:

- Fork the repository.
- Create a new branch: `git checkout -b <branch_name>`.
- Make your changes and commit: `git commit -m '<commit_message>'`.
- Push to your branch: `git push origin <branch_name>`.
- Submit a pull request.
For detailed guidelines, see the Contributing section in the README.
This repository is licensed under the MIT License. See the LICENSE file for details.
For questions, suggestions, or issues, contact the maintainer:
- GitHub: @5mukx
- Issues: GitHub Issues
Thank you for exploring Rust for Malware Development! Stay curious and code responsibly.