Rust Based Windows Kernel Rootkit
by Loki - Saturday August 3, 2024 at 05:43 PM
#1
Features
Process
  • Process (Hide / Unhide) ✅
  • Process Signature (PP / PPL) ✅
  • Process Protection (Anti-Kill / Dumping) ✅
  • Elevate Process to System ✅
  • Terminate Process ✅
  • Lists protected and hidden processes currently on the system ✅
Thread
  • Thread (Hide / Unhide) ✅
  • Thread Protection (Anti-Kill) ✅
  • Lists protected and hidden threads currently on the system ✅
Driver
  • Driver (Hide / Unhide) ✅
  • Enumerate Driver ✅
Driver Signature Enforcement (DSE)
  • DSE (Enable / Disable) ✅
Keylogger
  • Keylogger (Start / Stop) ✅
Callbacks
  • List / Remove / Restore Callbacks
      • PsSetCreateProcessNotifyRoutine ✅
      • PsSetCreateThreadNotifyRoutine ✅
      • PsSetLoadImageNotifyRoutine ✅
Module
  • Enumerate Module ✅
Registry
  • Registry Protection (Anti-Deletion and Overwriting) ✅
Injection Shellcode
  • Process Injection (ZwCreateThreadEx) ✅
  • APC Injection ✅



Omnicer
Reply
#2
better not be eagle :(
Reply
#3
Mmm rust good, harder 2 detect
Reply
#4
Using Windows' own bootloader to bypass Secure Boot

damn, i am early, let's learn something new
Reply
#5
this seems interesting
Reply
#6
Rust is king when it comes to malware....

I'm seeing a crate for shadow-rs as well so this would be pretty cool to have installed by accident thinking they were using the original crate.

Looks cool though, a work in progress
Reply
#7
Fuck, this is bullshit, why can't you just post it
Reply
#8
This looks cool (recently been teaching myself rust), thank you for sharing <3
Reply
#9
This looks like it will be really good cuz I need to learn more languages. Thanks a ton
Reply
#10
Rust is king when it comes to malware....
Reply

