MSec Operations (@msecops): Twitter Profile

MSec Operations

@msecops

ID: 1817972951314202624

Website: http://www.msecops.de
Joined: 29-07-2024 17:19:09

15 Tweets

957 Followers

1 Following

RedTeamTacticsAcademy (@redteamtactics):

Definitely recommend this! I used the NimSyscallPacker by S3cur3Th1sSh1t and it was a game-changer. Imagine what the Rust one can do! Let's back the underdogs instead of those big bucks tools! 👇 x.com/MSecOps/status…

MSec Operations (@msecops):

Entropy-based detections are not a problem at all for #RustPack. All payloads by default end up in a normal to low overall entropy value. And the operator can, on top, choose between alternative payload encoding options. 😎

Alternatively, you can de-couple the encrypted payload

MSec Operations (@msecops):

One more cool thing about #RustPack is that you can create DLLs which still return console output to the operator. This can be used, for example, to execute C# binaries from within rundll32.exe or other processes, still getting the file output as usual. 🔥 So for Pentesters

MSec Operations (@msecops):

🔥🔥 The first new #RustPack version 1.1 was just sent to our customers. 🔥🔥
________________________
Changes include:
- A killdate can now be set; after that date payloads won't fire anymore
- The operator can specify the host binary in which the payload will fire. It will only

MSec Operations (@msecops):

The simplest use case for #RustPack: packing shellcode into an unsigned executable. RustPack is a Windows executable which can be used offline. It takes the input file (in this case Havoc shellcode) and builds an executable output format which will decrypt and execute the

MSec Operations (@msecops):

The next version of #RustPack will not expose any of its used imports anymore 🔥🔥🔥

Instead, there will be random friendly-looking imports for each payload. Only if the operators really want to, they can still go for zero imports. Just because it's possible. 🙂

MSec Operations (@msecops):

How do you create your payloads in 2025? At MSec Operations we prefer to use DLL sideloading for EDR evasion. This technique allows our malicious code to run within a signed, legitimate executable. Combining this technique with other useful techniques will provide stable

MSec Operations (@msecops):

#RustPack Version 1.2.0 is now released for our customers. The biggest change was to add full DInvoke support for all payloads. The import table now won't show the Windows APIs being used anymore; instead, by default, random non-malicious imports are added in here to make payloads

MSec Operations (@msecops):

In one of our previous videos we demonstrated how to generate sideloading binaries by cloning the exports of an existing DLL to forward them: x.com/MSecOps/status… . However, using Microsoft DLLs and Microsoft-signed binaries is not the best OPSEC, as it's easy for EDR

MSec Operations (@msecops):

#RustPack version 1.3.0 has been released today. This version includes (again) minor changes to the final payload metadata to remove various potential IoCs. 🔥🔥

For example, most packers use some kind of string-based encoding to reduce entropy, such as the well-known UUID,

MSec Operations (@msecops):

Rumour has it that Jonas Lykkegaard's self-delete technique doesn't work on Windows 11 anymore. Well, the original proof of concept (PoC) does not, but slight modifications bring this technique back to Win11! 😎 With #RustPack, you can easily generate self-deleting executables or

MSec Operations (@msecops):

Creating COM hijacking payloads has never been easier than with RustPack! With COM Hijacking, you can persist on a target system by 'living' in trusted user processes, such as the Chrome browser. You only need to bring one DLL. When the user opens Chrome, for example, a C2

MSec Operations (@msecops):

Around three months ago, we provided our customers with RustPack version 1.4.0. 💪 This version included several changes to the core code of the loader component. For example, there were new options to disable the use of indirect syscalls in case any vendor creates detections on

MSec Operations (@msecops):

Tools such as psexec.py from Impacket are usually flagged for lateral movement due to the pre-built service executable that is dropped on the remote system. However, some vendors also flag Impacket based on its behaviour. With RustPack, you can easily create