After almost 2 years of working on NimPlant as a personal side project, I’m proud to finally release it to the public! NimPlant is a light-weight, first-stage command-and-control (C2) implant written in Nim, with a supporting C2 server written in Python and a sleek web-based user interface written in Next.JS.

I initially started working on NimPlant to learn a bit more about the Nim programming language, before it grew out to a tool that could actually be used in operations. It's not a full-featured C2 framework like other (commercial) solutions, but it should work well for early-stage ops. I'm releasing NimPlant in an attempt to enthuse others about offensive tool development, and in hopes of supporting transparency in the offensive security tooling (OST) space, and to help defenders guard themselves against non-public tools with similar purposes. Keep in mind that this also means there are some safeguards built-in to prevent abuse.

NimPlant supports some pretty cool features:

- Lightweight and configurable implant written in the Nim programming language
- Pretty web GUI that will make you look cool during all your ops
- Strong encryption and compression of all traffic by default, dynamically obfuscates all static strings in implant artefacts
- Support for several implant types, including native binaries (exe/dll), self-deleting executables, or shellcode (via sRDI)
- Wide selection of commands focused on early-stage operations including local enumeration, file or registry management, and web interactions
- Easy deployment of more advanced functionality or payloads via inline-execute, shinject (using dynamic invocation), or in-thread execute-assembly
- Support for operations on any platform, implant only targeting x64 Windows for now
- Comprehensive logging of all interactions and file operations

Of course there is much, much more to discover! Just check the repo for details.
In preparation of my upcoming x33fcon workshop and by popular demand I have added the Rust language to my 'MalDev for Dummies' workshop!

Though Rust is still not my favorite language to read, its modern features definitely make it suitable for offensive development, and more specifically, malware development. The ownership system can be hard to grasp at first, but makes it so the compiler can prevent you from making silly mistakes before you actually run your code. On top of that, the use of LLVM makes Rust binaries quite tough to reverse, concurrency and macros feel more 'modern' compared to other languages, and there is a great package ("crate") ecosystem that you can make use of. The language also has way more adoption than something like Nim, which means your app will look more legitimate - no more detections on your 'hello world'!

On the negatives: The language is very explicit, which also makes it very verbose and sometimes harder to read or structure. It also seems unnecessarily hard to properly strip binaries, as Rust does seem to like to sprinkle some random artifacts into your binary (that might just be my inexperience though!).

✅ Overall: 7.8/10 would recommend, will def write more Rust malware in the future. It beats (finally) learning C, that's for sure!

GitHub - chvancooten/maldev-for-dummies: A workshop about Malware Development