Hacking Tools

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation while leveraging Rust’s safety and performance features.

This project is intended for educational and research purposes.

The project also provides useful crates for developing rootkits, such as shadowx, which consolidates core logic and essential techniques.

It includes rootkit-specific tricks, with plans for additional features in future updates.

The documentation on how to execute CLI commands can be found on the Wiki

Table Of Contents

  • Legal notice
  • Features
  • Installation
  • Supported Platforms
  • Build Instructions
    • Driver
    • Client
  • Setup Instructions
    • Enable Test Mode
    • Debug via Windbg
    • Create/Start Service
  • Contributing to shadow-rs
  • References
  • License

Legal Notice

Important

This project is under development. This project is for educational and research purposes. Malicious use of the software is strictly prohibited and discouraged.

I am not responsible for any damage caused by improper use of the software.

Features

Process

  • ✅ Process (Hide / Unhide)
  • ✅ Process Signature (PP / PPL)
  • ✅ Process Protection (Anti-Kill / Dumping)
  • ✅ Elevate Process to System
  • ✅ Terminate Process
  • ✅ Lists protected and hidden processes currently on the system

Thread

  • ✅ Thread (Hide / Unhide)
  • ✅ Thread Protection (Anti-Kill)
  • ✅ Lists protected and hidden threads currently on the system

Driver

  • ✅ Driver (Hide / Unhide)
  • ✅ Enumerate Driver

Misc

  • Driver Signature Enforcement (DSE)
    • ✅ DSE (Enable / Disable)
  • Keylogger
    • ✅ Enable Keylogger
  • ETWTI
    • ✅ ETWTI (Enable / Disable)

Callbacks

  • ✅ List / Remove / Restore Callbacks
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateThreadNotifyRoutine
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallbackEx
    • ObRegisterCallbacks (PsProcessType / PsThreadType)
  • ✅ Listing currently removed callbacks

Port

  • ✅ Ports (Hide / Unhide)

Module

  • ✅ Hide Module
  • ✅ Enumerate Module

Registry

  • ✅ Key and Values (Hide / Unhide)
  • ✅ Registry Protection (Anti-Deletion e Overwriting)

Injection

  • ✅ Process Injection – Shellcode (ZwCreateThreadEx)
  • ✅ Process Injection – DLL (ZwCreateThreadEx)
  • ✅ APC Injection – Shellcode

For more information click here.

Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

1 week ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

1 week ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

2 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

2 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

2 weeks ago

Cloudkicker – Implementing Basic Authentication ith .htaccess And htpasswd

There are a number of excellent tutorials. I recommend this one: Basically, you are going…

2 weeks ago