-
Notifications
You must be signed in to change notification settings - Fork 165
Home
Smukx ♠ edited this page Nov 12, 2025
·
4 revisions
Welcome to the Rust for Malware Development wiki! This repository provides a comprehensive collection of resources, code snippets, and implementations for malware development techniques using the Rust programming language 🦀, specifically targeting the Windows operating system. Managed by @5mukx, this project is designed for researchers, red teamers, and developers exploring low-level Windows internals and malware techniques.
- Why Rust
- Walkthrough
- Malware Techniques
- Encryption Techniques
- Related Blogs
- Download Repository
- Contribution
- Credits/References
- Performance: Rust is faster and more efficient compared to many traditional languages.
- Memory Safety: Rust’s ownership and type systems help reduce common bugs and security issues.
- Modern Tooling: The Cargo build manager makes dependency management and builds much easier.
- Community & Ecosystem: Rust has a growing, supportive community with many security-focused crates.
- Detection Evasion: Being LLVM-based, Rust outputs are less likely to be picked up by static signatures or simple AV checks compared to classic C/C++ payloads.
- Easy Cross-Compilation: Rust’s toolchain supports straightforward cross-compilation for multiple platforms, which is important for modern red team operations.
| Technique | Description |
|---|---|
| Process Injection | Process injection techniques |
| Process Injection 2 | Additional process injection snippets. |
| Process Ghosting | Process ghosting technique |
| Process Hypnosis | Process hypnosis techniques |
| Process Herpaderping | Process herpaderping |
| Parent Process Spoofing | create a process that appeas as it was spawn a parent process |
| Waiting Thread Hijacking | injection by overwriting the return address of a waiting thread |
| NtCreateUserProcess | Launch processes using NtCreateUserProcess API. |
| Dirty Vanity | Bypass EDR's by executing Shellcode by forking the process |
| Custom Shellcode | Custom Shellcode for Testing. |
| Tartarus Gate | Bypass EDRs by unhooking functions |
| Recycle Gate | Combination of Hells, Halos, Tartarus Gate |
| Named Pipes | Interprocess communication using named pipes on Windows. |
| Api Hooking | API Hooking Using Trampoline. |
| PE Analyzer | Extract PE information via CLI. |
| PEB Offset Finder | Find PEB Offsets for sstealth operations |
| BlockHandle | Block handles using SDDL PoC. |
| Dynamic Export Table PEB | Call Windows functions by searching memory. |
| Dynamic Resolver | Dynamically resolves and invokes WinAPI functions |
| API Hammering | API hammering techniques. |
| Early Cascade Injection | Early-cascade injection PoC in Rust. |
| Encryption Methods | Methods to encrypt and execute payloads. |
| Enumeration | Enumeration modules for efficiency. |
| Malware Samples | Malware based on real-world activities. |
| Metadata Modification | Extract and embed custom metadata in binaries. |
| Keyloggers | Custom keylogger implementations in Rust. |
| DLL Injection | DLL injection in Rust. |
| DLL Injector | Versatile DLL injector in Rust. |
| Code Snippets | Snippets for malware operations. |
| NTAPI Implementation | NTAPI usage snippets. |
| Early Expcetion Handler | Custom Expcetion Handler to bypass EDRs |
| Extract WiFi Passwords | Extract stored WiFi passwords on Windows. |
| Reverse Shell | Client-server reverse shell in Rust. |
| Thread Hijacking | Thread hijacking snippets. |
| Self Deletion | Techniques for self-deleting binaries. |
| Position Independent Series | Position-independent code in Rust. |
| Shellcode Execution | Shellcode execution using WinAPIs. |
| Sleep Obfuscation | Sleep obfuscation implementation. |
| Direct Syscalls | Direct syscall implementation using STUB methods. |
| Indirect Syscalls | Indirect syscall implementation using STUB methods. |
| Parallel Syscalls | Parallel Syscall implementation. |
| BSOD | Triggers a Blue Screen of Death. |
| Persistence | Persistence techniques. |
| UAC Bypass CMSTP | UAC bypass by elevating CMSTP.exe. |
| Malware DSA | Malware using data structures and algorithms. |
| Shellcode Obfuscation | Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats. |
| EDR Checker | Detect EDR tools, AV software, and security applications. |
| Timer | Time-based execution control mechanism. |
| Keylogger Dropper | Downloads and executes keylogger in the background. |
| Rand_Fill | Deletes files and fills disk with random bytes. |
| Encryfer-X | Ransomware combining multiple PoC techniques. |
| GitHub Stealers | Steal credentials using GitHub API. |
| AMSI Byapss Techniques | AMSI Bypass Techniques. |
| ManulaRsrcDataFetching | function to replace FindResource & LoadResource & LockResource & SizeofResource windows apis. |
| Anti-VM CPU Fan Detection | Find if the system has CPU FAN. Works only on PC. |
| Proxy DLL Load | PoC of Proxying DLL Loads To Hide From ETWTI Stack Tracing |
| Technique | Description |
|---|---|
| AES Encryption | Encrypt/decrypt shellcodes using AES. |
| RC4 Encryption | Encrypt/decrypt shellcodes using RC4. |
| XOR Encryption | Encrypt/decrypt shellcodes using XOR. |
| Khufu Encryption | Encrypt/decrypt using Khufu algorithm. |
| ECC Encryption | Encrypt/decrypt shellcodes using ECC. |
| Camellia Cipher | Encryption using Camellia cipher. |
| NullxFigure | Parse null bytes into shellcode. |
| A5/1 Cipher | Encrypt shellcode using modified A5/1 cipher. |
| Madryga Algorithm | Encrypt/decrypt shellcodes using Madryga Algorithm. |
| Lucifer Algorithm | Encrypt/decrypt shellcodes using Lucifer algorithm. |
| DFC Algorithm | Encrypt/execute payloads using DFC algorithm. |
| Payload Shuffling | Payload shuffling techniques. |
| SystemFunction032/033 | Encrypt/decrypt shellcode using undocumented WinAPI. |
- New to Rust? Follow the compilation guide.
- Compile Source Code: See README.
- Clean PoCs Recursively: Use commands.
- Cross-Compilation with Docker: Refer to README.
- Malware Development Essentials Part 1
- Rust for Cybersecurity and Red Teaming
- DLL Injection Using Rust
Download the repository: Link
We welcome contributions to the Rust for Malware Development repository. To contribute, please follow these steps:
- Fork the repository.
- Create a new branch:
git checkout -b <branch_name>. - Make your changes and commit them:
git commit -m '<commit_message>'. - Push your changes to your branch:
git push origin <branch_name>. - Submit a pull request.
If you have any questions about contributing, refer to the GitHub documentation.
I would like to express my sincere gratitude to the creators of remarkable projects and fascinating techniques, who provided me with the tools and inspiration needed to create this extraordinary repository.
Each PoC includes a Credits/Resource section to acknowledge and respect the original creators and their contributions to the community.
- https://ired.team
- https://github.com/microsoft/windows-rs
- https://github.com/retep998/winapi-rs
- https://github.com/MSxDOS/ntapi
- https://github.com/janoglezcampos/rust_syscalls
- https://github.com/rust-osdev/uefi-rs
- https://discord.gg/rust-lang-community
- https://github.com/anvie/litcrypt.rs
- https://balwurk.com/shellcode-evasion-using-webassembly-and-rust
This project is licensed under the MIT License