Whitecat18/Rust-for-Malware-Development
Rust for Malware Development
This repository contains the source code of various techniques used by malware authors, red teamers, threat actors, state-sponsored hacking groups, etc. These techniques are well-researched and implemented in Rust.
Table of Contents
- CodeBase
- [Walkthrough](#walkthrough)
- [Malware Techniques](#malware-techniques)
- [Encryption Techniques](#encryption-techniques)
- [Related Blogs](#related-blogs)
- [Download Repository](#download-as-zip-file)
- [Contribution](#contributing-to-rust-for-malware-development)
- [Credits/References](#Credits-/-References)
Malware Techniques
| Technique | Description |
|---|---|
| [Process Injection](Process-Injection) | Process injection techniques. |
| [Process Injection 2](Process) | Additional process injection snippets. |
| [Process Ghosting](GhostingProcess) | Process ghosting technique. |
| [Process Hypnosis](Process/hypnosis.rs) | Process hypnosis techniques. |
| [Process Herpaderping](Process/Herpaderping) | Process herpaderping. |
| [Parent Process Spoofing](Persistence/PPid_spoofing/) | Create a process that appears to have been spawned by a chosen parent process. |
| [Waiting Thread Hijacking](WaitingThreadHijacking) | Injection by overwriting the return address of a waiting thread. |
| [NtCreateUserProcess](NtCreateUserProcess) | Launch processes using the NtCreateUserProcess API. |
| [Dirty Vanity](Dirty_Vanity/) | Bypass EDRs by executing shellcode in a forked copy of the process. |
| Custom Shellcode | Custom shellcode for testing. |
| [Tartarus Gate](syscalls/TartarusGate) | Bypass EDRs by unhooking functions. |
| [Recycle Gate](syscalls/RecycledGate) | Combination of Hell's Gate, Halo's Gate and Tartarus Gate. |
| [Named Pipes](Named_Pipe) | Interprocess communication using named pipes on Windows. |
| [Api Hooking](Api_Hooking) | API hooking using a trampoline. |
| PE Analyzer | Extract PE information via CLI. |
| [PEB Offset Finder](PEB_Offset_finder) | Find PEB offsets for stealth operations. |
| [BlockHandle](BlockHandle) | Block handles using SDDL (PoC). |
| [Dynamic Export Table PEB](base_addr_locator) | Call Windows functions by searching memory. |
| Dynamic Resolver | Dynamically resolves and invokes WinAPI functions. |
| [API Hammering](api_hammering) | API hammering techniques. |
| [Early Cascade Injection](Early%20Cascade%20Injection) | Early-cascade injection PoC in Rust. |
| [Encryption Methods](Encryption%20Methods) | Methods to encrypt and execute payloads. |
| [Enumeration](Enumeration) | Enumeration modules for efficiency. |
| [Malware Samples](Malware-Samples) | Malware based on real-world activities. |
| [Metadata Modification](Metadata_Modification) | Extract and embed custom metadata in binaries. |
| Keyloggers | Custom keylogger implementations in Rust. |
| [DLL Injection](dll_injection) | DLL injection in Rust. |
| [DLL Injector](DLL_Injector) | Versatile DLL injector in Rust. |
| [Code Snippets](Malware_Tips) | Snippets for malware operations. |
| [NTAPI Implementation](NtApi) | NTAPI usage snippets. |
| [Early Exception Handler](KiUserExceptionDispatcherStepOver) | Custom exception handler to bypass EDRs. |
| [Extract WiFi Passwords](Recon/extract_wifi) | Extract stored WiFi passwords on Windows. |
| [Reverse Shell](Reverse%20Shell) | Client-server reverse shell in Rust. |
| [Thread Hijacking](Threads) | Thread hijacking snippets. |
| [Self Deletion](Self-Deletion-Techniques) | Techniques for self-deleting binaries. |
| [Position Independent Series](position%20independent) | Position-independent code in Rust. |
| [Shellcode Execution](shellcode_exec) | Shellcode execution using WinAPIs. |
| [Sleep Obfuscation](Sleep_Obfuscations/Ekko) | Sleep obfuscation implementation. |
| [Direct Syscalls](syscalls/direct_syscalls) | Direct syscall implementation using stub methods. |
| [Indirect Syscalls](syscalls/indirect_syscalls) | Indirect syscall implementation using stub methods. |
| [Parallel Syscalls](syscalls/parallel_syscalls/) | Parallel syscall implementation. |
| [BSOD](BSOD) | Triggers a Blue Screen of Death. |
| [Persistence](Persistence) | Persistence techniques. |
| [UAC Bypass CMSTP](uac-bypass-cmstp) | UAC bypass by elevating CMSTP.exe. |
| [Malware DSA](shellcode_exec/DSA_Exec) | Malware using data structures and algorithms. |
| [Shellcode Obfuscation](obfuscation) | Obfuscate shellcode using IPv4, IPv6, MAC and UUID formats. |
| [EDR Checker](EDRChecker) | Detect EDR tools, AV software and security applications. |
| [Timer](timer) | Time-based execution control mechanism. |
| [Keylogger Dropper](keylog_dropper) | Downloads and executes a keylogger in the background. |
| [Rand_Fill](Malware_Tips/rand_fill) | Deletes files and fills the disk with random bytes. |
| [Encryfer-X](Malware-Samples/Encryfer/Encryfer-X) | Ransomware combining multiple PoC techniques. |
| [GitHub Stealers](stealer/GitHub_API) | Steal credentials using the GitHub API. |
| [AMSI Bypass Techniques](AMSI%20BYPASS) | AMSI bypass techniques. |
| [ManualRsrcDataFetching](ManualRsrcDataFetching) | Functions to replace the FindResource, LoadResource, LockResource and SizeofResource Windows APIs. |
| [Anti-VM CPU Fan Detection](Evasion/CPU_FAN_DETECTION) | Checks whether the system has a CPU fan; works only on PCs. |
| Proxy DLL Load | PoC of proxying DLL loads to hide from ETW-TI stack tracing. |
Encryption Techniques
| Technique | Description |
|---|---|
| [AES Encryption](Encryption%20Methods/Aes_Encryption) | Encrypt/decrypt shellcodes using AES. |
| [RC4 Encryption](Encryption%20Methods/rc4_shellcode_encrypt.rs) | Encrypt/decrypt shellcodes using RC4. |
| [XOR Encryption](Encryption%20Methods/xor_encrypt.rs) | Encrypt/decrypt shellcodes using XOR. |
| [Khufu Encryption](Encryption%20Methods/Khufu_encryption) | Encrypt/decrypt using the Khufu algorithm. |
| [ECC Encryption](Encryption%20Methods/ecc_shellcode_exec) | Encrypt/decrypt shellcodes using ECC. |
| [Camellia Cipher](Encryption%20Methods/camellia_cipher) | Encryption using the Camellia cipher. |
| [NullxFigure](Encryption%20Methods/nullxfigure) | Parse null bytes into shellcode. |
| [A5/1 Cipher](Encryption%20Methods) | Encrypt shellcode using a modified A5/1 cipher. |
| [Madryga Algorithm](Encryption%20Methods/Madryga_encryption) | Encrypt/decrypt shellcodes using the Madryga algorithm. |
| [Lucifer Algorithm](Encryption%20Methods/lucifer_algorithm.rs) | Encrypt/decrypt shellcodes using the Lucifer algorithm. |
| [DFC Algorithm](Encryption%20Methods/dfc_algorithm.rs) | Encrypt/execute payloads using the DFC algorithm. |
| [Payload Shuffling](Encryption%20Methods/payload_shuffling) | Payload shuffling techniques. |
| [SystemFunction032/033](Encryption%20Methods/SystemFunction032_033) | Encrypt/decrypt shellcode using undocumented WinAPI functions. |
Walkthrough
- New to Rust? Follow the [compilation guide](deps.md).
- Compile Source Code: See [README](deps.md).
- Clean PoCs Recursively: Use [commands](CLEAN.md).
- Cross-Compilation with Docker: Refer to [README](docker.md).
Related Blogs
- Malware Development Essentials Part 1
- Rust for Cybersecurity and Red Teaming
- [DLL Injection Using Rust](dll_injection)
Download as .Zip File
Download the repository: Link
Contributing to Rust for Malware Development
We welcome contributions to the Rust for Malware Development repository. To contribute, please follow these steps:
- Fork the repository.
- Create a new branch: `git checkout -b <branch_name>`.
- Make your changes and commit them: `git commit -m '<commit_message>'`.
- Push your changes to your branch: `git push origin <branch_name>`.
- Submit a pull request.
If you have any questions about contributing, refer to the GitHub documentation.
Credits / References
I would like to express my sincere gratitude to the creators of remarkable projects and fascinating techniques, who provided me with the tools and inspiration needed to create this extraordinary repository.
Each PoC includes a [Credits/Resource](#) section to acknowledge and respect the original creators and their contributions to the community.
Other Essential Resources:
- https://ired.team
- https://github.com/microsoft/windows-rs
- https://github.com/retep998/winapi-rs
- https://github.com/MSxDOS/ntapi
- https://github.com/janoglezcampos/rust_syscalls
- https://github.com/rust-osdev/uefi-rs
- https://discord.gg/rust-lang-community
- https://github.com/anvie/litcrypt.rs
- https://balwurk.com/shellcode-evasion-using-webassembly-and-rust
License
This project is licensed under the [MIT License](/LICENSE).