
This repository contains the source code of various techniques used by real-world malware authors, red teamers, threat actors, state-sponsored hacking groups, etc. These techniques are well-researched and implemented in Rust.
Repository managed by @5mukx
Techniques | Description |
---|---|
Process Injection | Process Injection Techniques using Rust. |
Process Injection 2 | Process Injection Techniques Snippet 2. |
Process Ghosting | Process Ghosting Technique Written in Rust. |
Process Hypnosis | Process Hypnosis Technique Written in Rust. |
Process Herpaderping | Process Herpaderping Written in Rust. |
NtCreateUserProcess | Launching the Process using NtCreateUserProcess API. |
Named Pipes | Demonstrating IPC using named pipes on Windows |
PE Analyzer | Extracts PE Information at CLI. |
BlockHandle | Block Handles using SDDL PoC. |
Dynamic Export Table PEB | Calls Windows Function by searching memory. |
API Hammering | API Hammering techniques. |
Early Cascade Injection | Early-Cascade Injection POC written in Rust. |
Encryption Methods | Methods to Encrypt and Execute Payloads. |
Enumeration | Enumeration Modules to save your time. |
Malware Samples | Malware written based on real-world activities. |
Metadata Modification | Extract and embed custom metadata into a binary file. |
Keyloggers | Custom Implementation of Keyloggers written in Rust. |
DLL Injection | DLL injection in Rust. |
DLL Injector | A powerful and versatile DLL injector written in Rust. |
Code Snippet | Helps to perform certain malware operations. |
NTAPI Implementation | Code snippet of using ntapi. |
Extract Wifi Passwords | Extract Windows Stored Wifi Passwords. |
Reverse Shell Rust | Rust Client Server Reverse Shell. |
Thread Hijacking | Thread Hijacking code Snippet. |
Self Delete | Techniques to self-delete a running binary file. |
Position Independent Series | Position independent series in Rust. |
Shellcode Execution methods | Shellcode execution methods using WinApi's. |
Sleep Obfuscation | Sleep Obfuscation implementation in Rust. |
Syscalls | Syscall Implementation using system call STUB [Direct/Indirect] methods. |
BSOD | Causes BSOD when Executing. |
Persistence | Persistence Code Snippet. |
UAC Bypass CMSTP | Bypass UAC by elevating CMSTP.exe |
Malware DSA | Implementing malware using DSA (Data Structures and Algorithms) concepts. |
Shellcode Obfuscation | Obfuscate and deobfuscate shellcode using IPv4, IPv6, MAC and UUID formats. |
EDR Checker | Check for the presence of EDR tools, AV software, and other security-related applications on a Windows system. |
Timer | A Program that uses Time-based execution control mechanism. |
Keylogger Dropper | Downloads keylogger and sender on victim PC and executes in background. |
Rand_Fill | A Small Parallel Program that Deletes All Files on Disk and Fills with Random Bytes, Making the Recovery Process Impossible. |
Encryfer-X | Ransomware written by combining all Possible POC techniques. |
Github Stealers |
Techniques | Description |
---|---|
AES Encryption | Encrypt and Decrypt Shellcodes/Payloads using AES-Encryption |
RC4 Encryption | Encrypt and Decrypt Shellcodes/Payloads using RC4-Encryption |
Khufu Encryption | Perform Encrypt and Decrypt using Khufu Algorithm |
Camellia Cipher | Perform Encryption using Camellia Cipher |
NullxFigure | Simple Program to parse null bytes into each shellcode |
A5/1 Cipher | Encrypt shellcode using a modified A5/1 cipher with seeded randomness. |
XOR Encryption | Shellcode Encryption using XOR |
Lucifer Algorithm | Encrypt and Decrypt shellcodes using Lucifer Algorithm. |
DFC Algorithm | Encrypt and execute payloads using DFC Algorithm. |
Payload Shuffling | Payload Shuffling Techniques |
ECC Encryption | Encrypt and Decrypt Shellcodes/Payloads using ECC (Elliptic Curve Cryptography) |
SystemFunction032/033 | Encrypt and Decrypt shellcode using undocumented winapi function. |
Click Here to download the Repository: Download
- New to Rust? Please follow the steps here: Compile
- How to Compile this Repository Source Codes README
- How to clean all the PoC recursively Commands.
- Cross Compilation Using Docker README.
If you need an exploit or proof-of-concept (PoC) removed, please contact me via email at [email protected] or through my Twitter handle @5mukx.