Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL

Related tags

Utilities massayo
Overview

Massayo

Massayo is a small proof-of-concept Rust library based on UnhookingPOC, which removes AV/EDR hooks in a given system DLL. I tried to reduce fingerprints by obfuscating strings and resolving any Windows API functions used dynamically. It loads a freshy copy of a chosen system DLL from System32 directory and replaces the .text section of the currently loaded DLL by its own. I'm not a Rust expert so I'm open to any kind of suggestions or help.

Usage

The function module::unhook_ntdll() is used to load a freshy copy of NTDLL.DLL, but you can also use module::unhook_system_dll in order to select a different one.

use massayo;
fn main() {
    if (massayo::module::unhook_ntdll()) {
        // Success
    } else {
        // Ooops! :(
    }
}

License

MIT

You might also like...
Smolprng - A small PRNG library written in Rust, a translation of SmallPRNG

SmolPRNG This is a small PRNG library/framwork written in pure Rust, that is a translation of another project of mine, SmallPRNG. The main goal of thi

Dustin Kenefake 2 Jan 10, 2022
Small library for text to image steganography.

hips-lib Performs text to image steganography by hinding and retrieving secret text within images or pixel arrays. This is achieved by encoding the se

hewhocopypastes 4 Feb 21, 2023
Rust crate which provides direct access to files within a Debian archive

debarchive This Rust crate provides direct access to files within a Debian archive. This crate is used by our debrep utility to generate the Packages

Pop!_OS 11 Dec 18, 2021
🦀 Rust-based implementation of a Snowflake Generator which communicates using gRPC

Clawflake Clawflake is a Rust application which implements Twitter Snowflakes and communicates using gRPC. Snowflake ID numbers are 63 bits integers s

n1c00o 5 Oct 31, 2022
A tuple crate for Rust, which introduces a tuple type represented in recusive form.

tuplez This crate introduces a tuple type represented in recursive form rather than parallel form. Motivation The primitive tuple types are represente

Nihil 6 Feb 29, 2024
A cross platform tool which instantly notifies about COVID vaccine availability.
A cross platform tool which instantly notifies about COVID vaccine availability.

💉 CoWIN Notifier 😷 A cross-platform tool written in rust, which instantly notifies users about COVID-19 vaccine availability at their regions. Curre

Sanskar Jaiswal 20 May 20, 2021
Postgres proxy which allows tools that don't natively supports IAM auth to connect to AWS RDS instances.

rds-iamauth-proxy rds-proxy lets you make use of IAM-based authentication to AWS RDS instances from tools that don't natively support that method of a

Gold Fig Labs Inc. 10 Nov 7, 2022
Spot coupling by finding out which files are always in the same commit

git moves-together This tells you when files in the repository frequently move together. This lets you identify where the coupling is in the system. C

Billie Thompson 14 Oct 31, 2022
This contract is to provide vesting account feature for the both cw20 and native tokens, which is controlled by a master address

Token Vesting This contract is to provide vesting account feature for the both cw20 and native tokens, which is controlled by a master address. Instan

yys 7 Oct 7, 2022
Owner
null
GitHub
Removes generated and downloaded files from code projects to free up space

makeclean Removes generated and downloaded files from code projects to free up space. Features: List, cleans and archives projects depending on how lo

Kevin Bader 2 Mar 11, 2022
Proof of Concept / Experiment: Use IDF-HAL-LL from bare metal Rust

Proof of Concept / Experiment: Use IDF-HAL-LL from BM Rust idf-ll-compile pre-compiles a static library for ESP32C3 and ESP32 esp-ll a simple crate th

Björn Quentin 0 Aug 11, 2022
Creates a DLL that runs a payload once injected into a process.

Educational purposes only Don't use this project maliciously. Prerequisites Install rust Install windows toolchain Setup Run cargo run --bin builder -

RadonCoding 3 Aug 27, 2022
A simple wrapper for the detour-rs library that makes making hooks much more concise

A simple wrapper for the detour-rs library that makes making hooks much more concise

Khangaroo 6 Jun 21, 2022
My bot Roseline for AGTH hooks and VN related stuff

Roseline Web interface My IRC Bot to store AGTH hooks. Commands ping - Obviously send you back pong. vn <title> - Search VN by title. hook <title> - G

Douman 37 Nov 16, 2022
A simple web-app allowing you to batch archive groups of repositories from a given organization

ice-repos My goal here is to build a simple web-app allowing you to batch archive groups of repositories from a given organization, using Rust+Yew. As

Nic McPhee 6 Nov 5, 2022
Arkworks bindings to Circom's R1CS, for Groth16 Proof and Witness generation in Rust.

ark-circom Arkworks bindings to Circom's R1CS, for Groth16 Proof and Witness generation in Rust.

Georgios Konstantopoulos 138 Dec 25, 2022
A rust interval arithmetic library which provides flags that detect domain errors.

intervals-good A Rust interval arithmetic library which provides flags that detect domain errors, supports more functions than any other interval arit

Oliver Flatt 3 Jul 27, 2022
This article is about the unsound api which I found in owning_ref. Owning_ref is a library that has 11 million all-time downloads and 60 reverse dependencies.

Unsoundness in owning_ref This article is about the unsound api which I found in owning_ref. Owning_ref is a library that has 11 million all-time down

Noam Ta Shma 20 Aug 3, 2022
A Rust library containing a collection of small well-tested primitives.

Gazebo - a library of Rust utilities This library contains a collection of well-tested utilities. Most modules stand alone, but taking a few represent

Meta Incubator 168 Dec 29, 2022