
🔥 Introducing RustPack 🔥

RustPack is an evasive packer/loader capable of bypassing common AV/EDR products. It accepts user-provided, known-malicious input payloads such as shellcode, C# assemblies or portable executables (PE). Those inputs are encrypted and are decrypted at runtime by a newly generated, non-malicious loader. This process is commonly called packing or crypting.

Some features:
- Each generated payload looks different, making signature creation more difficult.
- Userland hooks are bypassed by default in every generated payload.
- The encryption key is never fully embedded in the final payload; it is always retrieved at runtime. This helps against emulators and automatic unpacking engines.
- Encrypted payloads can also be decoupled from the new binary and loaded from a remote location at runtime.
- Multiple anti-debug techniques are applied to each payload by default.
- Environmental keying and anti-sandbox options are included.
- No cloud service: the software is delivered to the customer as a closed-source solution.

Evasion options:
- Several AMSI bypass techniques, ranging from patching to the use of hardware breakpoints
- Multiple optional ETW bypasses
- Support for module stomping
- OPSEC-safe remote injection techniques such as ThreadlessInject or a customised Caro-Kann technique

The tool is still under active development, and lots of features, demos, etc. will follow. More information can be found here: msecops.de/products

#redteam #pentesting #pentest #OST