Trendshift - Ask AI

base on This repository contains complete resources and coding practices for malware development using Rust 🦀. # Rust for Malware Development <div align="center"> <img width="350px" src="https://user-images.githubusercontent.com/797/46922345-99723480-cfbc-11e8-8f2d-18eec8f18ad5.png" alt="Rust for Malware Development Logo" /> <h3><a href="https://github.com/Whitecat18/Rust-for-Malware-Development">Rust for Malware Development</a></h3> <p><b>This repository contains source codes of various techniques used by malware authors, red teamers, threat actors, state-sponsored hacking groups etc. These techniques are well-researched and implemented in Rust.</b></p> <p>Managed by <a href="https://x.com/5mukx">@5mukx</a></p> <img src="https://img.shields.io/badge/Language-Rust-orange" alt="Language: Rust" /> <img src="https://img.shields.io/badge/OS-Windows-blue" alt="OS: Windows" /> <img src="https://img.shields.io/badge/Maintained-Yes-green" alt="Maintained: Yes" /> </div> --- ## Table of Contents - [Walkthrough](#walkthrough) - [Malware Techniques](#malware-techniques) - [Encryption Techniques](#encryption-techniques) - [Related Blogs](#related-blogs) ## Malware Techniques | Technique | Description | |-----------|-------------| | [Process Injection](Process-Injection) | Process injection techniques | | [Process Injection 2](Process) | Additional process injection snippets. | | [Process Ghosting](GhostingProcess) | Process ghosting technique | | [Process Hypnosis](Process/hypnosis.rs) | Process hypnosis techniques | | [Process Herpaderping](Process/Herpaderping) | Process herpaderping | | [Waiting Thread Hijacking](WaitingThreadHijacking) | injection by overwriting the return address of a waiting thread | | [NtCreateUserProcess](NtCreateUserProcess) | Launch processes using NtCreateUserProcess API. | | [Named Pipes](Named_Pipe) | Interprocess communication using named pipes on Windows. | | [Api Hooking](Api_Hooking) | API Hooking Using Trampoline. | | [PE Analyzer](https://github.com/Whitecat18/PE-Analyzer.rs) | Extract PE information via CLI. | | [BlockHandle](BlockHandle) | Block handles using SDDL PoC. | | [Dynamic Export Table PEB](base_addr_locator) | Call Windows functions by searching memory. | | [API Hammering](api_hammering) | API hammering techniques. | | [Early Cascade Injection](Early%20Cascade%20Injection) | Early-cascade injection PoC in Rust. | | [Encryption Methods](Encryption%20Methods) | Methods to encrypt and execute payloads. | | [Enumeration](Enumeration) | Enumeration modules for efficiency. | | [Malware Samples](Malware-Samples) | Malware based on real-world activities. | | [Metadata Modification](Metadata_Modification) | Extract and embed custom metadata in binaries. | | [Keyloggers](Keyloggers) | Custom keylogger implementations in Rust. | | [DLL Injection](dll_injection) | DLL injection in Rust. | | [DLL Injector](DLL_Injector) | Versatile DLL injector in Rust. | | [Code Snippets](Malware_Tips) | Snippets for malware operations. | | [NTAPI Implementation](NtApi) | NTAPI usage snippets. | | [Extract WiFi Passwords](Recon/extract_wifi) | Extract stored WiFi passwords on Windows. | | [Reverse Shell](Reverse%20Shell) | Client-server reverse shell in Rust. | | [Thread Hijacking](Threads) | Thread hijacking snippets. | | [Self Deletion](Self-Deletion-Techniques) | Techniques for self-deleting binaries. | | [Position Independent Series](position%20independent) | Position-independent code in Rust. | | [Shellcode Execution](shellcode_exec) | Shellcode execution using WinAPIs. | | [Sleep Obfuscation](Sleep_Obfuscations/Ekko) | Sleep obfuscation implementation. | | [Direct Syscalls](syscalls/direct_syscalls) | Direct syscall implementation using STUB methods. | | [Indirect Syscalls](syscalls/indirect_syscalls) | Indirect syscall implementation using STUB methods. | | [BSOD](BSOD) | Triggers a Blue Screen of Death. | | [Persistence](Persistence) | Persistence techniques. | | [UAC Bypass CMSTP](uac-bypass-cmstp) | UAC bypass by elevating CMSTP.exe. | | [Malware DSA](shellcode_exec/DSA_Exec) | Malware using data structures and algorithms. | | [Shellcode Obfuscation](obfuscation) | Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats. | | [EDR Checker](EDRChecker) | Detect EDR tools, AV software, and security applications. | | [Timer](timer) | Time-based execution control mechanism. | | [Keylogger Dropper](keylog_dropper) | Downloads and executes keylogger in the background. | | [Rand_Fill](Malware_Tips/rand_fill) | Deletes files and fills disk with random bytes. | | [Encryfer-X](Malware-Samples/Encryfer/Encryfer-X) | Ransomware combining multiple PoC techniques. | | [GitHub Stealers](stealer/GitHub_API) | Steal credentials using GitHub API. | ## Encryption Techniques | Technique | Description | |-----------|-------------| | [AES Encryption](Encryption%20Methods/Aes_Encryption) | Encrypt/decrypt shellcodes using AES. | | [RC4 Encryption](Encryption%20Methods/rc4_shellcode_encrypt.rs) | Encrypt/decrypt shellcodes using RC4. | | [Khufu Encryption](Encryption%20Methods/Khufu_encryption) | Encrypt/decrypt using Khufu algorithm. | | [Camellia Cipher](Encryption%20Methods/camellia_cipher) | Encryption using Camellia cipher. | | [NullxFigure](Encryption%20Methods/nullxfigure) | Parse null bytes into shellcode. | | [A5/1 Cipher](Encryption%20Methods) | Encrypt shellcode using modified A5/1 cipher. | | [XOR Encryption](Encryption%20Methods/xor_encrypt.rs) | Shellcode encryption using XOR. | | [Lucifer Algorithm](Encryption%20Methods/lucifer_algorithm.rs) | Encrypt/decrypt shellcodes using Lucifer algorithm. | | [DFC Algorithm](Encryption%20Methods/dfc_algorithm.rs) | Encrypt/execute payloads using DFC algorithm. | | [Payload Shuffling](Encryption%20Methods/payload_shuffling) | Payload shuffling techniques. | | [ECC Encryption](Encryption%20Methods/ecc_shellcode_exec) | Encrypt/decrypt shellcodes using ECC. | | [SystemFunction032/033](Encryption%20Methods/SystemFunction032_033) | Encrypt/decrypt shellcode using undocumented WinAPI. | ## Walkthrough - **New to Rust?** Follow the [compilation guide](deps.md). - **Compile Source Code**: See [README](deps.md). - **Clean PoCs Recursively**: Use [commands](CLEAN.md). - **Cross-Compilation with Docker**: Refer to [README](docker.md). ## Related Blogs - [Malware Development Essentials Part 1](https://medium.com/system-weakness/malware-development-essentials-part-1-5f4626652ed9) - [Rust for Cybersecurity and Red Teaming](https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec) - [DLL Injection Using Rust](dll_injection) ## Download Download the repository: [Link](https://download.5mukx.site/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development) ## Disclaimer ⚠️ **These resources are for educational purposes only.** ⚠️ For futher Projects and Fixes. Contact me through email: **[email protected]** or via Twitter: [@5mukx](https://x.com/5mukx). ", Assign "at most 3 tags" to the expected json: {"id":"9499","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"

AI prompts

AI prompts