Summary
- Overview
- Contents
- Resources
- Requirements
- Compile
- How to get started
- Contributing to RustRedOps
- Credits / References / Thanks / Motivation
Overview
RustRedOps is a repository that houses various tools and projects related to Red Team operations, developed in Rust. This repository is dedicated to providing effective and efficient tools for security professionals and penetration testers who want to perform security assessments and intrusion tests.
Contents
The repository is organized into several projects, each with its own purpose and functionality. Here are some examples of the projects included:
-
- This project exploits the Asynchronous Code Injection (APC) technique to execute malicious code in target processes.
-
- Demonstration on API hooking which is a programming technique that allows you to intercept and manipulate calls to Windows API functions.
-
- Techniques Anti-Debugging.
-
- API Hammering consists of carrying out various actions to delay the malware.
-
- Techniques Anti-Analysis.
-
- This is just a simple demonstration in case you want to include metadata in your Rust binary or change the associated icon.
-
- Avoiding the loading of DLLS not signed by Microsoft.
-
- It's a project to demonstrate how to create a simple driver using rust.
-
- It's a project to demonstrate how to create dll using rust.
-
- Demonstration of shellcode execution via callback.
-
- It's a project to demonstrate how to create uefi using rust.
-
- Encrypting strings at compile time and decrypting them at runtime.
-
- Extracting WIFI passwords using winapis is a customized form of the netsh command.
-
- It focuses on a variation of APC injection, executing code before the main process starts.
-
- Encrypting / Decrypting a shellcode using AES.
-
- Encrypting / Decrypting a shellcode using RC4.
-
- Enumerating processes with Rust.
-
- Enabling all privilege tokens.
-
- Running commands with Rust.
-
- IAT obfuscation by replacing GetProcAddress and GetModuleHandle.
-
- Technique for exporting APIs (without executing them) in order to camouflage the IAT and avoid a malicious appearance.
-
- A proof of concept to inject a springboard to bypass EDR hooks and use LdrLoadDll.
-
- This project addresses the direct execution of malicious payloads in a system's local environment.
-
- Performing malicious code injection via memory mapping into local processes.
-
Local Function Stomping Injection
- It focuses on replacing locally running functions with malicious code, changing their default behavior.
-
- This project deals with hijacking the threads of processes running on the local system to execute malicious code.
-
- Dumping the lsass.exe process.
-
- The Module Stomping technique focuses on injecting a shellcode into the entrypoint of the mapped or loaded DLL.
-
- Running NTDLL Unhooking through a suspended process.
-
- A simple project showing how we can communicate between processes using named pipes.
-
- Module Overloading is a technique that maps a target DLL and replaces its contents with an EXE / DLL file and then executes it.
-
- Shellcode obfuscation using IPV4, IPV6, MAC and UUIDs.
-
- Demonstrating the PPID Spoofing technique.
-
- The code is focused on parsing the PE header of any Windows executable file.
-
- Patching ETW.
-
- Patching AMSI.
-
- Controlling payload execution through Mutex, Events and Semaphores.
-
- Exploits the technique of masking or altering the arguments of a process to hide malicious activity.
-
- It focuses on injecting dynamic link libraries (DLL) into running processes to execute malicious code.
-
- It exploits shellcode injection directly into running processes to control or execute malicious tasks.
-
- Storing a shellcode in the .text section and then executing it.
-
- This technique focuses on controlling the execution flow of a program that is being debugged and obtaining relevant information from it, such as the creation of new threads, loaded modules, exceptions and much more. Or even execute a shellcode.
-
- Running shellcode using Fibers.
-
- Loading a PE file using the Process Ghosting technique.
-
- Obscuring the intentions of a process by modifying the contents of the disk after the image has been mapped.
-
- It addresses the hijacking of threads in remote system processes to carry out malicious actions.
-
Remote Function Stomping Injection
- It exploits the substitution of functions in remote systems to carry out malicious activities.
-
- Performing malicious code injection via memory mapping into remote processes.
-
- Writing and reading shellcode to the Windows Registry.
-
- It focuses on removing the CRT (C Runtime Library) from the binary.
-
- Retrieving shellcode from HTTP requests using Rust.
-
- Technique for deleting the running binary.
-
- Creating string hashes to perform hiding.
-
- This project focuses on the injection attack in the local process, but using syscalls directly.
-
- Performing Threadless Injection using Rust.
-
- Running WMI (Windows Management Instrumentation) queries.
-
- Running shellcode through WebAssembly.
Resources
- Each individual project can include a features section that details the project's main features and functionalities.
- You can view the installation instructions, usage and examples for each project in their respective directories.
Requirements
- Rust: Rust is a modern and secure programming language used to develop the tools in this repository.
- Cargo: Cargo is Rust's package manager and compiler, essential for compiling and running projects.
Compile
Compiling the Project
To start the compilation, use the following command:
Adding Destination Architectures
If you are using a different operating system or need to compile for a specific architecture, you can list all available target architectures with the following command:
Once you have identified the desired target architecture, add it using rustup:
Replace with the desired architecture, such as x86_64-pc-windows-gnu.
Compiling for a Specific Architecture
Then compile the project for the specific architecture:
cargo build --release --target <arch>
How to get started
Follow these steps to start using the projects in this repository:
- Clone this repository on your local machine:
git clone https://github.com/joaoviictorti/RustRedOps.git
- Navigate to the directory of the project you are interested in:
cd RustRedOps/<name-project>
- Follow the project-specific installation and usage instructions as described in the README inside this directory.
Contributing to RustRedOps
To contribute to RustRedOps, follow these steps:
- Fork this repository.
- Create a branch:
git checkout -b <branch_name>
. - Make your changes and confirm them:
git commit -m '<commit_message>'
. - Send to the original branch:
git push origin <project_name> / <local>
. - Create the pull request.
Alternatively, consult the GitHub documentation on how to create a pull request.
Credits / References / Thanks / Motivation
I would like to express my sincere gratitude to the creators of remarkable projects and fascinating techniques, who provided me with the tools and inspiration needed to create this extraordinary repository.
- https://github.com/MemN0ps
- https://github.com/hasherezade
- https://github.com/vxunderground
- https://github.com/NUL0x4C
- https://github.com/mrd0x
- https://github.com/Cracked5pider
- https://github.com/trickster0
- https://github.com/BlWasp
- https://balwurk.com/shellcode-evasion-using-webassembly-and-rust
- https://github.com/janoglezcampos/rust_syscalls
- https://github.com/microsoft
- https://ired.team
- https://github.com/rust-osdev/uefi-rs
- https://github.com/StephanvanSchaik/windows-kernel-rs
- https://discord.gg/rust-lang-community (Discord community that helped a lot)
- https://github.com/CCob
- https://github.com/anvie/litcrypt.rs