Credits and resources


    List of resources that were used for our research.

    Articles

    • https://socradar.io/why-ransomware-groups-switch-to-rust-programming-language/
    • https://www.itpro.com/security/ransomware/368476/why-are-ransomware-gangs-pivoting-to-rust
    • https://tehtris.com/fr/blog/analyse-malware-buer-loade
    • https://www.zdnet.fr/actualites/ce-malware-a-ete-reecrit-en-langage-rust-pour-le-rendre-plus-difficile-a-reperer-39922109.htm
    • https://kerkour.com/end-to-end-encryption-key-exchange-cryptography-rust
    • https://dev.to/talenttinaapi/the-dark-side-of-rust-programming-language-ad5
    • https://www.thesslstore.com/blog/polymorphic-malware-and-metamorphic-malware-what-you-need-to-know
    • https://kerkour.com/shellcode-in-rust
    • https://doc.rust-lang.org/rust-by-example/unsafe/asm.html
    • https://kerkour.com/advanced-shellcode-in-rust
    • https://kerkour.com/rust-execute-from-memory
    • https://docs.rs/device_query/latest/device_query/
    • https://friendlyuser.github.io/posts/tech/rust/Interacting_with_Windows_File_System_using_WinAPI_in_Rust/
    • https://microsoft.github.io/windows-docs-rs/
    • https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/exploring-process-environment-block
    • https://docs.rust-embedded.org/embedonomicon/smallest-no-std.html
    • https://hfiref0x.github.io/NT10_syscalls.html
    • https://alice.climent-pommeret.red/posts/direct-syscalls-hells-halos-syswhispers2/
    • https://trickster0.github.io/posts/Halo's-Gate-Evolves-to-Tartarus-Gate/
    • https://web.archive.org/web/20110929075510/http://invisiblethings.org/papers/redpill.html
    • https://web.archive.org/web/20100725003848/http://www.redlightsecurity.com/2008/04/virtualization-red-pill-or-blue.html
    • https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/feature-discovery
    • https://whiteknightlabs.com/2021/12/11/bypassing-etw-for-fun-and-profit/
    • https://pentestmag.com/etw-vs-sysmon-against-c2-servers/
    • https://unprotect.it/technique/disabling-event-tracing-for-windows-etw/

    Books

    • Sylvain Kerkour. (2021). Black Hat Rust. https://kerkour.com/black-hat-rust
    • Steve Klabnik, Carol Nichols. (2018). The Rust Programming Language. No Starch Press
    • Cameron Hart (Bitshifter). (2015). Debugging & Rust. https://bitshifter.github.io/rr+rust/
    • rust-lang. (2023). The Cargo Book. https://doc.rust-lang.org/cargo/
    • Matt Hand. (2023). Evading EDR. No Starch Press
    • Hugo Bitard. (2023). Obscurcissement, Injection et Shellcode

    GitHub

    • aahmad097/AlternativeShellcodeExec
    • trickster0/OffensiveRust
    • yamakadi/houdini
    • LloydLabs/delete-self-poc
    • am0nsec/HellsGate
    • b1tg/rust-windows-shellcode
    • hasherezade/masm_shc
    • Arvanaghi/CheckPlease