OffensiveRust

Features

Red Teaming Frameworks - Provides a comprehensive toolkit of primitives for offensive security operations and adversary simulation in Rust.

Security Software Evasion - Provides a comprehensive set of techniques for bypassing antivirus and endpoint protection tools.

Kernel Exploitation - Triggers vulnerabilities in kernel drivers to execute arbitrary shellcode in kernel space.

Kernel Rootkits - Utilizes kernel drivers to implement rootkit functionality and perform system-level exploits.

Direct System Call Invocations - Invokes operating system functions using inline assembly to bypass standard monitoring and avoid security detection.

Inline Assembly Payload Execution - Invokes kernel functions directly via inline assembly to bypass user-mode monitoring and API hooks.

Offensive Kernel Drivers - Creates Windows kernel drivers to implement low-level system functionality and execute memory corruption exploits.

Low-Level Systems Programming - Interacts directly with the Windows kernel and memory via assembly and undocumented APIs for system-level control.

Remote Thread Injection - Implements the execution of payloads in target processes by allocating memory and creating remote threads.

Windows API Wrappers - Wraps low-level Windows system functions and undocumented APIs for system manipulation.

String Literal Obfuscation - Obfuscates literal strings during the build process to prevent discovery via static binary analysis.

Shellcode - Applies XOR or AES-CBC encryption to shellcode to prevent static analysis and signature-based detection.

In-Memory Payload Execution - Implements techniques to run binary payloads from unbacked memory regions to avoid disk-based detection.

In-Memory Process Injection - Executes shellcode or binaries inside remote process memory using techniques like process hollowing and reflective injection.

Malware Development Kits - Provides a toolkit for creating stealthy malware with encrypted payload delivery and process hollowing.

Payload Obfuscators - Obfuscates shellcode and binaries using AES, RC4, or XOR to evade antivirus and EDR software.

Post-Exploitation Toolkits - Implements utilities for maintaining access and escalating privileges after initial system compromise.

Privilege Escalation Techniques - Increases process permissions by manipulating security tokens or exploiting kernel drivers to gain administrative access.

Security Token Manipulators - Duplicates security tokens from target processes to elevate privileges and execute restricted system actions.

Process Privilege Elevation - Enables restricted administrative actions by modifying the current process token to include system privileges.

Process Token Manipulators - Provides utilities for stealing, modifying, and elevating security access tokens within active processes.

EDR Evasion - Evades security detection by patching event tracing and spoofing process identifiers.

Account Impersonation - Duplicates process tokens to execute actions under the security context of another user.

Binary Metadata Stripping - Removes metadata and debug symbols from compiled binaries to reduce size and hinder reverse engineering.

Manual PE Mapping - Parses portable executable headers to manually load binaries into memory without using the system loader.

Undocumented API Interactions - Invokes undocumented Windows system functions by analyzing the process environment block or using direct system calls.

UUID-Encoded Shellcode Loading - Converts binary payloads into UUID strings to load them into heap memory via system callbacks.

Callback-Based Injection - Evades security software by passing a memory address as a callback function to a system API.

Encrypted Shellcode Injection - Executes encrypted payloads by decrypting them with AES and queuing an asynchronous procedure call.

Local Shellcode Execution - Executes raw byte arrays by converting static buffers into callable function pointers for in-memory execution.

Device Driver IOCTL Communication - Communicates with hardware drivers by sending specific control codes and data buffers through device handles.

DLL Injection Techniques - Produces compiled libraries designed to execute custom logic within the memory space of a target process.

Event Tracing Disablement - Implements the ability to overwrite event writing functions to prevent the generation of security logs.

Keystroke Logging - Captures and logs characters typed by a user in real time by monitoring low-level keyboard events.

Manual Memory Mapping - Allocates memory and maps binaries manually using direct syscalls and module stomping techniques.

PEB Traversals - Finds the base memory address of a specific library by traversing the process environment block.

Process Relationship Spoofing - Manipulates parent-child process relationships to deceive security monitoring tools.

Self-Deleting Executables - Removes the executable file from the disk immediately after execution to leave no trace.

System Enumeration Tools - Identifies system configurations and security products through WMI queries and file system analysis.

PEB-Based Resolution - Traverses the process environment block to find library base addresses and resolve function pointers dynamically.

Covert Backdoors - Maintains covert communication channels via TCP and SSL connections that bypass security monitoring.

Keystroke Logging - Implements stealthy recording of user keyboard input to capture sensitive information.

SSL Verification Bypasses - Establishes secure connections using invalid or self-signed certificates by disabling SSL verification.

PE Header Parsing - Analyzes the structure of PE files to implement advanced loading and injection techniques.

API Export Resolution - Finds the memory address of a specific function by parsing the export directory of a loaded module.

System Input Hooks - Provides low-level interception of hardware input events and API calls via system hooks.

String Obfuscation Encodings - Conceals hostnames and usernames by encoding them into base64 strings to prevent plain-text analysis.

Static Analysis Obfuscation - Hides strings and payloads from static analysis using encryption and encoding to defeat binary scanning tools.

WMI Data Acquisition - Retrieves security product details and system configuration data by executing raw WMI queries.

Dynamic API Resolution - Locates and executes external library functions at runtime by resolving memory addresses through the operating system.

OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs.

The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID spoofing and event tracing disablement.

The toolkit covers a broad range of system manipulation capabilities, including process injection, privilege escalation through token impersonation, and kernel-space interaction via driver development. It also provides utilities for system reconnaissance using WMI queries, keyboard input interception, and the establishment of covert network channels that bypass SSL certificate validation.

Features