Certified Malware Developer
Introduction
Course Overview (3:59)
Join our Discord
Discord invite link
Setting up Lab Environment
Download Link 1
Setting up LAB VM (3:21)
Ping sweep command
Setting up Rust Environment
Installing Rust and Hello World Program (8:17)
Compiling to 32bit and 64bit programs (4:41)
Rust Formatter (1:11)
Rust Fundamentals
Variables and shadowing (11:25)
Operators and Loops (14:13)
Reading User Input (7:56)
Command Line Arguments (4:42)
Arrays, Vectors and Strings (38:44)
References, Ownership and Borrowing (16:38)
Functions (13:02)
Structures (19:07)
Pointers (15:45)
Fundamentals - Part 1
MessageBoxW (2:54)
MessageBoxA (12:09)
Introduction to Windows API (47:27)
Fundamentals - Part 2
UNICODE_STRING structure (10:46)
Reading String from Memory (18:44)
Reading Unicode String from Memory (10:46)
Enumerating Processes
Enumerating processes using NtQuerySystemInformation (28:00)
Enumerating processes using CreateToolhelp32Snapshot (15:52)
Enumerating processes (15:36)
Enumerating parent process id (3:15)
Enumerating Windows handles text (10:37)
Enumerating Threads
Enumerating threads with NtQuerySystemInformation (18:03)
Enumerating threads using CreateToolhelp32Snapshot (7:29)
Enumerating Operating System
Enumeration using NtQueryInformationProcess (12:15)
Enumerating CPU Information (4:01)
RtlGetVersion (8:44)
Enumerating RAM Information (9:07)
Enumerating PEB address from gs register using asm (8:22)
Enumerating DLLs
Enumerating modules using CreateToolhelp32Snapshot (12:48)
Enumerating modules from PEB LDR (21:31)
Enumerating Token
Adjusting Token Privileges (8:33)
Converting SID to username (9:01)
Enumerating Token Groups (7:39)
Enumerating Token Privileges (10:00)
Enumerating Token User and SID (21:28)
Enumerating token privilege description (7:42)
Creating DLL & Exporting a function
Generating DLLs (5:07)
Generating Dlls using Visual studio
Enumerating Clipboard
Enumerating clipboard (5:26)
Enumerating Process parameters & Environment Block
Enumerating Environment Block (11:30)
Enumerating process parameters (18:51)
Enumerating Network Shares
Enumerating network shares (21:58)
File Operations
Writing Contents to file (7:05)
Reading Contents from file (4:28)
Creating a file (6:54)
Listing Directory contents (13:48)
Enumerating Registry
Enumerating Subkeys (23:16)
Enumerating key values and content (16:51)
Windows Registry Tutorial (35:26)
Windows Named Pipes
Creating Named Pipe (10:09)
Creating Client pipe and chatserver (19:18)
OS Command Execution
Executing OS Commands (9:07)
Rusty Reverse Shell
Rust reverse shell (25:49)
Shellcode Injection
Executing shellcode via function pointer/delegate (5:05)
Shellcode Runner using Windows API (11:20)
Remote Shellcode Injection (7:47)
DLL Injection
DLL Injection in remote process (10:03)
DLL Injection theory (5:11)
DLL Proxying / Forwarding
Generating a DLL (5:07)
Proxying a DLL function from malicious dll to legit dll (9:55)
Writing a Reflective PE Loader
Writing our own FillStructureFromArray function (12:13)
Writing our own FillStructureFromMemory function (8:08)
Parsing DOS Header (15:58)
Parsing NT Header (15:52)
Mapping sections (15:05)
Fixing Imports (25:56)
Fixing Base Relocations (13:54)
Testing Metasploit Payloads (4:33)
Writing our own ReadStringFromMemory function (6:59)
Bypassing AMSI
Patching AMSI (7:09)
API Hooking
Local API Hooking (23:16)
IAT Hooking
Hooking Import Address Table (14:58)
Hiding any process from Task Manager
Enumerating Processes with NtQuerySystemInformation (27:50)
Hiding any process from Task Manager by hooking NtQuerySystemInformation (11:52)
Process Hollowing
CreateProcess API (5:16)
Process Hollowing (11:59)
NTFS Transactions
TxF Windows API (14:17)
API Hashing
GetProcAddress without GetProcAddress (20:44)
API Hashing (11:14)
Process Doppelganging
Process Doppelganging (15:29)
PPID Spoofing
Spoofing parent process pid (16:46)
DLL Hollowing
Dll Hollowing (7:13)
Bypassing AppLocker
Bypassing Hash rules (4:02)
Storing and Executing payload from Alternate Data Streams (5:24)
Bypassing Default Rules with InstallUtil (5:17)
Bypassing with MSBuild
Building a Simple Debugger
Introduction to Debugging (4:37)
Creating a new DEBUG process (14:40)
Attaching to the process and Waiting for DEBUGEVENT (16:13)
Continuing the DEBUG EVENT and Detaching (11:03)
Handling the DEBUG EVENTS (11:46)
Setting Software breakpoints (16:54)
Clearing Software breakpoints (19:44)
Setting Hardware Breakpoints (15:51)
Clearing Hardware Breakpoints (11:14)
AMSI Bypass via Hardware Breakpoints
Setting Hardware Breakpoint at AmsiScanBuffer() and modifying the length parameter (18:21)
Setting Hardware Breakpoint at LdrLoadDll() to prevent loading of amsi.dll (28:13)
All the Debugger code
Windows Services basics
Theory (6:26)
Creating our malicious service for persistence
Starting service control dispatcher (8:50)
Writing Service Control Handler (11:42)
Writing Service Main function and Launching our service (13:29)
Abusing Unquoted service paths
Finding Unquoted service paths with WinAPI with Rust (37:01)
Insecure Service Permissions
Finding Changeable service configs with Rust (4:54)
Lab Challenges Walkthrough
Challenge1 - Walkthrough (4:43)
Challenge2 - Walkthrough (3:38)
Challenge3 - Walkthrough (0:59)
Challenge4 - Walkthrough (2:55)
Challenge5 - Walkthrough (5:08)
Challenge6 - Walkthrough (10:41)
Challenge7 - Walkthrough (1:17)
Challenge8 - Walkthrough (1:40)
Challenge9 - Walkthrough (2:29)
Challenge10 - Walkthrough (4:09)
Challenge11 - Walkthrough (4:41)
Challenge12 - Walkthrough (2:51)
Challenge13 - Walkthrough (4:17)
Challenge14 - Walkthrough (3:42)
Challenge15 - Walkthrough (3:41)
Challenge16 - Walkthrough (4:36)
Challenge17 - Walkthrough (2:31)
Challenge18 - Walkthrough (2:54)
Challenge19 - Walkthrough (4:06)
Challenge20 - Walkthrough (1:27)
Challenge21 - Walkthrough (1:13)
Challenge22 - Walkthrough (1:21)
Challenge23 - Walkthrough (2:07)
Challenge24 - Walkthrough (2:13)
Challenge25 - Walkthrough (3:14)
Challenge26 - Walkthrough (2:37)
Challenge27 - Walkthrough (2:26)
Challenge28 - Walkthrough (1:56)
Challenge29 - Walkthrough (3:35)
Challenge30 - Walkthrough (1:55)
Challenge31 - Walkthrough (1:37)
Challenge32 - Walkthrough (2:21)
Challenge33 - Walkthrough (1:20)
Challenge34 - Walkthrough (1:44)
Challenge35 - Walkthrough (3:05)
Challenge36 - Walkthrough (1:39)
Challenge37 - Walkthrough (2:37)
Challenge38 - Walkthrough (2:05)
Challenge39 - Walkthrough (3:18)
Challenge40 - Walkthrough (3:01)
Challenge41 - Walkthrough (3:47)
Challenge42 - Walkthrough (3:23)
Challenge43 - Walkthrough (1:52)
Challenge44 - Walkthrough (2:32)
Challenge45 - Walkthrough (4:08)
Challenge46 - Walkthrough (5:36)
Challenge47 - Walkthrough (4:04)
Challenge48 - Walkthrough (2:58)
Challenge49 - Walkthrough (2:22)
Challenge50 - Walkthrough (1:40)
All code snippets github repo
Link to the repo for all code snippets
Scheduling the Exam
How to schedule the exam (2:37)
Rust reverse shell