ph-fox/Rusty-Playground

Some Rust program I wrote while learning Malware Development

Rusty-Playground 🦀

Some Rust program I wrote while learning Malware Development

ElevateToken 📌

• Impersonates user tokens, and creates processes with elevated system privileges
• Refernce:
  • Token::elevate

---

Gabimaru 📌

• Module Stomping with Threadless Injection x2 (1. load dll 2. Shellcode Injection )
• Refernce:
  • ThreadlessInjection
  • Defcon31

---

JumpThreadHijack 📌

• Shellcode Injection with ThreadHijacking without the usage of SetThreadContext
• Refernce:
  • TheLostThread

---

ModuleStomping 📌

• This is like the base program for everything and it all build upong this
• Module Stomping with indirect syscalls and injection in .text section of the targeted dll
• Refernce:
  • module_stomping-rs
  • D1rkInject

---

NtCreateUserProcess 📌

• Spawn Process with NtCreateUserProcess and Block Dlls and PPID Spoofing
• Refernce:
  • ntcreateuserprocess_1
  • ntcreateuserprocess_2

---

PatchlessAmsiBypass 📌

• Amsi Bypass with HWBP So no hooks in memory
• Reference:
  • patchless_amsi

---

PatchlessBypass 📌

• Improved Version of the PatchlessAmsiBypass Patch ETW + AMSI on all threads
• Reference:
  • PatchlessHook

---

SelfErase 📌

• Delete a currently running file from disk
• Reference:
  • self_remove
  • delete-self-poc

---

StackEncrypt 📌

• Shuffele & encrpyt the Stack and sleep with indirect syscalls to NtDelayExecution
• Refernce:
  • StackMask

---

UnhookNtdll 📌

• Rust implementation of the Perun's Fart thechnique
• Using NtCreateUserProcess Both local and remote can be done with this program
• Refernce:
  • arsenal-rs