0xflux / Rust-Hells-GateLinks
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
☆64Updated last year
Alternatives and similar repositories for Rust-Hells-Gate
Users that are interested in Rust-Hells-Gate are comparing it to the libraries listed below
Sorting:
- Call Stack Spoofing for Rust☆187Updated last month
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.☆152Updated 9 months ago
- A runas implementation with extra features in Rust☆46Updated last month
- Rust For Windows Cheatsheet☆121Updated 9 months ago
- DLL proxying for lazy people☆179Updated last month
- Memory Obfuscation in Rust☆249Updated last month
- 64-bit, position-independent implant template for Windows in Rust.☆143Updated 3 months ago
- A reflective DLL development template for the Rust programming language☆109Updated 3 months ago
- Some Rust program I wrote while learning Malware Development☆140Updated 6 months ago
- Host CLR and run .NET binaries using Rust☆119Updated last month
- Activation Context Hijack☆156Updated 3 weeks ago
- A COFF Loader written in Rust☆120Updated last month
- A Rust crate to parse user-mode minidump files generated on Windows☆15Updated 2 months ago
- Dynamically invoke arbitrary code and use various tricks written idiomatically in Rust (Dinvoke)☆91Updated last month
- Shellcode loader that executes embedded Lua from Rust.☆122Updated 8 months ago
- Payload encoding utility to effectively lower payload entropy.☆119Updated 4 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Updated last year
- My projects to understand malware development and detection. Use responsibly. I'm not responsible if you cause unauthorised damage to any…☆85Updated 2 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆96Updated 6 months ago
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t…☆99Updated 7 months ago
- Early Bird APC Injection in Rust☆58Updated 10 months ago
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface☆72Updated last month
- Using fibers to run in-memory code.☆217Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆114Updated 11 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆270Updated 11 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆223Updated 6 months ago
- A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆39Updated 5 months ago
- A Mythic Agent written in PIC C.☆199Updated 6 months ago
- ☆195Updated last year
- Detect EDR's exceptions by inspecting processes' loaded modules☆130Updated last year