Rust redteam Libraries
Threadless Module Stomping In Rust with some features
NovaLdr is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities. This project is not intended to be a complete or polished product but rather a journey into the technical aspects of malware, showcasing various techniques and features.
REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust. 🦀
Information: REC2 is an old personal project (early 2023) that I didn't continue development on. It's part of a list of projects that helped me to lea
RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust. 🦀
Information: RDE1 is an old personal project (end 2022) that I didn't continue development on. It's part of a list of projects that helped me to learn
Process injection through entry points hijacking.
EPI EPI (Entry Point Injection) is a tool that leverages a new threadless process injection technique that relies on hijacking loaded dll's entry poin
Detect EDR's exceptions by inspecting processes' loaded modules
Description This tool looks for either the processes that have a certain binary loaded or the processes that don't. This is useful in the following sc
Active Directory data collector for BloodHound written in Rust. 🦀
RustHound Summary Limitation Description How to compile it? Using Makefile Using Dockerfile Using Cargo Linux x86_64 static version Windows static ver
Using fibers to run in-memory code in a different and stealthy way.
Description A fiber is a unit of execution that must be manually scheduled by the application rather than rely on the priority-based scheduling mechan
Process Injection via Component Object Model (COM) IRundown::DoCallback().
COM PROCESS INJECTION for RUST Process Injection via Component Object Model (COM) IRundown::DoCallback(). 该技术由 @modexpblog 挖掘发现，在我对该技术进行深入研究过程中，将原项目 m
Hide memory artifacts using ROP and hardware breakpoints.
Description This tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware breakpoints. The ROP chain will c
Dangerously fast dns/network/port scanner, all-in-one
Skanuvaty Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains f