Robuta

Creating a Windows Driver in Rust - 0xflux Red Team Manual | Systems programming
https://fluxsec.red/rust-windows-driver
A tutorial showing you how to get started with Windows driver development in Rust.

Building a DLL in Rust
https://fluxsec.red/rust-dll-windows-api
Learn the process of creating a dynamic link library (DLL) in Rust with this guide. Learn how to leverage the Windows API for malware development in Rust,...

Windows Driver IRQL and acquiring a Driver Mutex
https://fluxsec.red/windows-rust-driver-irql-driver-mutex
Learn how to safely handle Windows driver IRQL levels and acquire a Fast Mutex in Rust. This guide covers IRQL best practices, preventing blue screens, and...

Real-time Ransomware Detection Strategy
https://fluxsec.red/considering-ransomware-edr-defence-strategy
Explore effective ransomware detection strategies in Sanctum EDR, leveraging Windows minifilter drivers to identify ransomware activity in real time.

Rust DLL Search Order Hijacking
https://fluxsec.red/rust-dll-search-order-hijacking
Learn about DLL search order hijacking for EDR evasion using Rust.

How I developed a markdown blog in Go and HTMX
https://fluxsec.red/how-I-developed-a-markdown-blog-with-go-and-HTMX
See how you can develop a markdown blog using Go in this detailed guide. Learn about my choice to use markdown over HTML, the challenges faced, and how Go's...

Rust OPSEC for Malware Development
https://fluxsec.red/rust-opsec-malware-development
Learn how to harden your Rust-based malware against static fingerprinting by avoiding Serde, manually implementing enum serialization, and using conditional...

Monitoring NTDLL for in memory patching
https://fluxsec.red/monitoring-ntdll-for-memory-patching-etw-hacking-bypass-in-rust-EDR
Learn how to detect in-memory patching of NTDLL and ETW bypass techniques in a Rust-based EDR. Deep dive into PE headers, pointer arithmetic, and integrity...

Starting point for simple ransomware detection
https://fluxsec.red/simple-ransomware-detection-sanctum-minifilter
Build a Windows filesystem minifilter in C that flags suspicious file renames and write intent, using LockBit-style extensions as a starter signal for...

Communicating from the hooked syscall
https://fluxsec.red/communicating-from-hooked-syscall-rust
Learn how to communicate from a hooked syscall using interprocess communication (IPC) in Rust. This post explores both async (Tokio) and blocking approaches...

Clipboard Hex Dumper Tool
https://fluxsec.red/chx-copy-hex-dumper
Clipboard Hex Dumper, or chx, is a command-line tool to copy a binary hexdump to your clipboard.

EDR Evasion ETW patching in Rust
https://fluxsec.red/etw-patching-rust
Learn how to use Rust for ETW patching to evade EDR detection. This guide covers user-mode bypass techniques, coding examples, and testing methods.

Detecting Vectored Exception Handling Squared in an EDR
https://fluxsec.red/detecting-vectored-exception-handling-malware-rust-edr-windows-kernel
Learn how VEH² uses hardware breakpoints to bypass security routines, and how a Rust-based Windows kernel EDR can detect debug-register tampering by...

Improving consistency with EDR DLL Injection via APCs
https://fluxsec.red/improving-EDR-via-windows-driver-apc-injection-rust
How I implemented robust DLL injection from a Windows driver using kernel-to-user APCs and a small shellcode bootstrap for LdrLoadDll.

Alt Syscalls for Windows 11
https://fluxsec.red/alt-syscalls-for-windows-11
Learn how to implement and reverse-engineer Windows 11's undocumented Alternate Syscalls mechanism in the kernel using Rust. Step-by-step guide covers thunk...

Intro and plan for the Sanctum EDR
https://fluxsec.red/sanctum-edr-intro
Discover the project plan for building Sanctum, an open-source EDR in Rust. Learn about the features, milestones, and challenges in developing an effective EDR...

Error logging
https://fluxsec.red/logging-errors-in-rust
Discover methods for optimizing error logging in Rust, from resolving log file paths just once to using #[track_caller] for accurate panic tracing. Ideal for...

Hooking VirtualAllocEx
https://fluxsec.red/edr-hooking-virtual-alloc-ex-rust-malware
Implementing a syscall hook for VirtualAllocEx in Rust to track remote memory allocations. Learn how EDRs monitor process injection using Windows API hooks.

Implementing syscall hooks in Rust
https://fluxsec.red/implementing-syscall-hooking-rust
Learn how to implement syscall hooking in Rust with a detailed walkthrough, from DLL injection and syscall resolution to modifying execution flow. This post...

Str Crypter - Payload string encryption with Rust
https://fluxsec.red/str-crypter
Str Crypter is a Rust macro for encrypting cleartext strings in a binary at compile time, for red teaming and malware implant development.

Ghost hunting OpenProcess
https://fluxsec.red/ghost-hunting-open-process
Learn how the Ghost Hunting technique detects malware abusing OpenProcess by correlating syscall hooks and kernel events in real time. Explore Rust-based EDR...

Mitigating broadcast spoofs with Ghost Hunting
https://fluxsec.red/mitigating-broadcast-spoofing-rust-sanctum-edr-ghost-hunting
Ghost Hunting in EDR: preventing syscall broadcast spoofing in Rust. Learn how to secure your detection pipeline using GetNamedPipeClientProcessId.

Analysing an AutoIt infostealer distributed on Reddit
https://fluxsec.red/analysing-an-AutoIt-infostealer-distributed-on-reddit
Reverse engineering a Reddit-distributed Windows infostealer: a cabinet-based installer drops an obfuscated BAT that reconstructs an AutoIt payload and...

Configuring a Rust Windows driver
https://fluxsec.red/rust-windows-driver-configuration
A comprehensive tutorial on how to configure a basic Windows driver in Rust. This guide explains the entry point DriverEntry, the unload routine DriverUnload, and...

Reflective DLL injection and bootstrapping in C
https://fluxsec.red/reflective-dll-injection-in-c
Learn reflective DLL injection strategies in C, a method favoured by malware developers for fileless malware execution. Learn about bootstrapping and manual...

Remote process DLL injection in Rust
https://fluxsec.red/remote-process-dll-injection
Learn how to remotely inject DLLs into another process using Rust and how to use function pointers, in this Rust malware development series for ethical...

Strategy for Early Bird APC Queue Injection and improving Ghost Hunting
https://fluxsec.red/early-bird-apc-queue-injection
Discover a theory-driven approach to detecting Early Bird APC Queue Injection bypasses and kernel-mode improvements to Ghost Hunting within the Sanctum EDR...