MSec Operations

🔥 Introducing RustPack 🔥 . RustPack is an evasive Packer/Loader, that is capable of bypassing common AV/EDR vendors. It accepts user-provided known malicious input payloads, such as shellcode, C# assemblies or portable executables (PE). Those inputs are encrypted, and…

Creating COM hijacking payloads has never been easier than with RustPack! With COM Hijacking, you can persist on a target system by 'living' in trusted user processes, such as the Chrome browser. You only need to bring one DLL. When the user opens Chrome, for example, a C2…

Rumour has it that Jonas Lykkegaard's self-delete technique doesn't work on Windows 11 anymore. Well, the original proof of concept (PoC) does not, but slight modifications bring this technique back to Win11!😎 With #RustPack, you can easily generate self-deleting executables or…

#RustPack version 1.3.0 has been released today. This version includes (again) minor changes to the final payload metadata to remove various potential IoCs. 🔥🔥 For example, most packers use some kind of string based encoding to reduce entropy, such as the well-known UUID,…

In one of our previous videos we demonstrated how to generate sideloading binaries by cloning the exports of an existing DLL to forward them - x.com/MSecOps/status… . However, using Microsoft DLLs and Microsoft-signed binaries is not the best OPsec, as it's easy for EDR…

#RustPack Version 1.2.0 is now released for our customers. The biggest change was to add full DInvoke support for all payloads. The import table now won't show the Windows APIs being used anymore, instead by default random non malicious imports are added in here to make payloads…

How do you create your payloads in 2025? At MSec Operations we prefer to use DLL sideloading for EDR evasion. This technique allows our malicious code to run within a signed, legitimate executable. Combining this technique with other useful techniques will provide stable…

The next version of #RustPack will not expose any of it's used imports anymore 🔥🔥🔥 Instead, there will be random friendly looking imports for each payload. Only if the operators really want to they can still go for zero imports. Just because it's possible.🙂

The simplest use case for #RustPack: Packing shellcode into an unsigned executable. RustPack is an Windows executable, which can be used offline. It takes the input file (in this case Havoc shellcode) and builds an executable output format, which will decrypt and execute the…

🔥🔥The first new #RustPack version 1.1 was just sent to our customers. 🔥🔥 ________________________ Changes include: - A killdate can now be set, after that date payloads won't fire anymore - The operator can specify the host binary, in which the payload will fire. It will only…

One more cool thing about #RustPack is, that you can create DLLs, which still return console output to the Operator. This can be used, to for example execute C# binaries from within rundll32.exe or other processes - still getting the file output as usual. 🔥 So for Pentesters…

Entropy based detections are not a problem at all for #RustPack. All payloads by default end up in a normal to low overall entropy value. And the operator can on top choose between alternative payload encoding options. 😎 Alternatively, you can de-couple the encrypted payload…

Definitely recommend this! I used the NimSyscallPackerand by @ShitSecure and it was a game-changer. Imagine what the Rust one can do! Let’s back the underdogs instead of those big bucks tools! 👇 x.com/MSecOps/status…