Hacking Tools

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation while leveraging Rust’s safety and performance features.

This project is intended for educational and research purposes.

The project also provides useful crates for developing rootkits, such as shadowx, which consolidates core logic and essential techniques.

It includes rootkit-specific tricks, with plans for additional features in future updates.

The documentation on how to execute CLI commands can be found on the Wiki

Table Of Contents

  • Legal notice
  • Features
  • Installation
  • Supported Platforms
  • Build Instructions
    • Driver
    • Client
  • Setup Instructions
    • Enable Test Mode
    • Debug via Windbg
    • Create/Start Service
  • Contributing to shadow-rs
  • References
  • License

Legal Notice

Important

This project is under development. This project is for educational and research purposes. Malicious use of the software is strictly prohibited and discouraged.

I am not responsible for any damage caused by improper use of the software.

Features

Process

  • ✅ Process (Hide / Unhide)
  • ✅ Process Signature (PP / PPL)
  • ✅ Process Protection (Anti-Kill / Dumping)
  • ✅ Elevate Process to System
  • ✅ Terminate Process
  • ✅ Lists protected and hidden processes currently on the system

Thread

  • ✅ Thread (Hide / Unhide)
  • ✅ Thread Protection (Anti-Kill)
  • ✅ Lists protected and hidden threads currently on the system

Driver

  • ✅ Driver (Hide / Unhide)
  • ✅ Enumerate Driver

Misc

  • Driver Signature Enforcement (DSE)
    • ✅ DSE (Enable / Disable)
  • Keylogger
    • ✅ Enable Keylogger
  • ETWTI
    • ✅ ETWTI (Enable / Disable)

Callbacks

  • ✅ List / Remove / Restore Callbacks
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateThreadNotifyRoutine
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallbackEx
    • ObRegisterCallbacks (PsProcessType / PsThreadType)
  • ✅ Listing currently removed callbacks

Port

  • ✅ Ports (Hide / Unhide)

Module

  • ✅ Hide Module
  • ✅ Enumerate Module

Registry

  • ✅ Key and Values (Hide / Unhide)
  • ✅ Registry Protection (Anti-Deletion e Overwriting)

Injection

  • ✅ Process Injection – Shellcode (ZwCreateThreadEx)
  • ✅ Process Injection – DLL (ZwCreateThreadEx)
  • ✅ APC Injection – Shellcode

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
10 months ago

Recent Posts

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

5 hours ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

9 hours ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

1 day ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

6 days ago

Shebang (#!) in Bash Script

When you write a Bash script in Linux, you want it to run correctly every…

1 week ago

Bash String Concatenation – Bash Scripting

Introduction If you’re new to Bash scripting, one of the first skills you’ll need is…

1 week ago