base on This repository contains my complete resources and coding practices for malware development using Rust 🦀. <div align="center"> <img width="260px" src="https://github.com/Whitecat18/Rust-for-Malware-Development/assets/96696929/08dcf469-a502-450c-ab94-3915fd4b9968" /> <a href = "https://github.com/Whitecat18/Rust-for-Malware-Development.git" ><h3>Rust for Malware Development</h3></a> <b>This repository contains source codes of various techniques used by real-world malware authors, red teamers, threat actors, state-sponsored hacking groups etc. These techniques are well-researched and implemented in Rust.</b> <br> <br> Repository managed by <a href="https://twitter.com/5mukx"> @5mukx</a></i></p> <br> <img src="https://img.shields.io/badge/Language-Rust-orange"> <img src="https://img.shields.io/badge/OS-Windows%20%26%20Linux-blue"> <img src="https://img.shields.io/badge/Maintained-Yes-Green"> ----------------- </div> > Note: These are my own research and implementations, derived from the original authors' work. If you discover any errors in these codes, please [contact](https://x.com/5mukx) or contribute to this repository. ## Context * [Encryption Methods](/Encryption%20Methods): Methods to Encrypt and Execute Payloads. * [Process Injection](Process-Injection): Process Injection Techniques using Rust. * [Malware Samples](Malware-Samples): Written malwares based on Real world activities. * [EDR Checker](EDRChecker): check for the presence of EDR's tools, AV softwares, and other security-related applications on a Windows system. * [Early Cascade Injection](Early%20Cascade%20Injection): Early Cascade Injection POC written in Rust. * [Enumeration](Enumeration): Enumeration Modules to save your time. * [Keyloggers](Keyloggers): My implementations of keyloggers using Rust. * [Keylogger Dropper](keylog_dropper): Downloads keylogger and sender on victim PC and exectutes in background. * [DLL Injection](dll_injection): DLL injection in Rust. * [Code Snippet](Malware_Tips): Helps to perform certain malware operations. * [NTAPI Implementation](NtApi): Code snippet of using ntapi. * [Extract Wifi Passwords](Recon/extract_wifi): Extract Windows Stored Wifi Passwords. * [Reverse Shell Rust](Reverse%20Shell): Rust Client Server Reverse Shell. * [Thread Hijacking](Threads): Thread Hijacking code Snippet. * [Shellcode Obfuscation](obfuscation): Obfuscate and deobfuscate shellcode using Ipv4, Ipv6, MAC, UUiD formats. * [Position Independent Series](position%20independent): Position independent series in Rust. * [Shellcode Execution methods](shellcode_exec): Shellcode execution methods using WinApi's. * [API Hammering](api_hammering): API Hammering techniques. * [Sleep Obfuscation](Sleep_Obfuscations/Ekko): Sleep Obfuscation implementation in Rust. * [Syscalls](syscalls/): Syscall Implementation using system call STUB [Direct/Indirect] methods. * [BSOD](BSOD): Causes BSOD when Executing. * [Persistence](Persistence): Persistence Code Snippet. * [UAC Bypass CMSTP](uac-bypass-cmstp/): Bypass UAC by elevating CMSTP.exe * [Process Injection 2](Process): Process Injection Code Snippet 2. * [Malware DSA](shellcode_exec/DSA_Exec): Implementing malwares using DSA (Data Structures and Algorithms) Concept. ## Manifest dependencies for [winapi](https://docs.rs/winapi/latest/winapi/) to test and execute **Copy the dependencics in Cargo.toml file** ``` [dependencies] winapi = { version = "0.3.9", features = ["winuser","setupapi","dbghelp","wlanapi","winnls","wincon","fileapi","sysinfoapi", "fibersapi","debugapi","winerror", "wininet" , "winhttp" ,"synchapi","securitybaseapi","wincrypt","psapi", "tlhelp32", "heapapi","shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi", "synchapi"] } ntapi = "0.4.1" ``` > Tips for Rust Beginners: Copy and save the dependencies in Cargo.toml File. Versions may be different. Just copy the features when testing. * **How to Compile this Repository Source Codes [README.](./deps.md)** * **Cross Compilation Using Docker [README.](./docker.md).** ## Rust Malware Blogs regarding this Repostitory * [Malware Development Essentials Part 1](https://medium.com/system-weakness/malware-development-essentials-part-1-5f4626652ed9) * [Rust for CyberSecurity and Red Teaming](https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec) * [DLL Injection using Rust](https://smukx.medium.com/dll-injection-using-rust-593b83734c90) ⚠️ These Resources are only for Education Purposes Only ⚠️ ", Assign "at most 3 tags" to the expected json: {"id":"9499","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"