Skip to content

BlackSnufkin/Rusty-Playground

Repository files navigation

Rusty-Playground 🦀

A collection of Rust programs showcasing some offensive-securtiy and evasions techniques


Tool Description Reference(s)
ClipboardMon Monitors the clipboard for changes and logs clipboard content or copies files depending on detected changes. -
DumpMDEConfig Enumerates Microsoft Defender to identify exclusion paths, allowed threats, protection history, and ASR (Attack Surface Reduction) rules enabled on the system. No admin privileges required. Source
ElevateToken Impersonates user tokens to create processes with elevated system privileges. Token::elevate
HashMiner Extract NTLM Hashes from SAM and SYSTEM mimikatz-rs
HeapEnc Demonstrates a simple example of heap encryption. nimHeapEnc
HideDll Hides DLLs in the current process and employs anti-analysis methods to prevent the DLL from being dumped by memory scanners. -
HookFinder Detects userland API hooks implemented by antivirus or EDR (Endpoint Detection and Response) software. -
IoDllProxyLoad Uses Windows thread pool API to proxy the loading and unloading of a DLL via an I/O completion callback function using named pipes. IoDllProxyLoad
weaponizing-windows-thread-pool-apis-proxying-dll-loads
NtCreateUserProcess Spawns processes using NtCreateUserProcess, blocks DLLs, and performs PPID (Parent Process ID) spoofing. ntcreateuserprocess_1
ntcreateuserprocess_2
PatchlessAmsiBypass Bypasses AMSI (Antimalware Scan Interface) utilizing hardware breakpoints, avoiding in-memory hooks. patchless_amsi
PatchlessBypass An improved version of PatchlessAmsiBypass, patches both ETW (Event Tracing for Windows) and AMSI on all threads. PatchlessHook
SelfErase Deletes the currently running file from disk. self_remove
delete-self-poc
SilentFart Uses NTAPI to retrieve NTDLL and unhooks it without triggering the "PspCreateProcessNotifyRoutine" callback. GhostFart
StackEncrypt Shuffles and encrypts the stack, then sleeps using indirect syscalls to NtDelayExecution. StackMask
UnhookNtdll Implements the Perun's Fart technique in Rust using NtCreateUserProcess, supporting both local and remote execution. arsenal-rs
USB_mon Monitors USB devices and displays information about new devices connected to the system. -
VEH-ProxyDll Leverages the Vectored Exception Handler (VEH) to modify the context, particularly the RIP register, to invoke LoadLibraryA with the RCX register holding its argument (module name). Triggers exceptions using VirtualProtect to set pages to PAGE_GUARD. VEH-DLL-proxy-load.c
Whoami_alt Provides alternatives to the whoami command by utilizing uncommon WinAPI functions. WhoIsWho
WhoamiAlternatives
Whoami_alt2 Additional alternatives to the whoami command, leveraging uncommon WinAPI functions. WhoIsWho
WhoamiAlternatives
Wifi-Dump Dumps WiFi passwords using WinAPI. -

About

Some Rust program I wrote while learning Malware Development

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages