RustPack

RustPack is an evasive Packer/Loader that is capable of bypassing common AV/EDR vendors.

It accepts user-provided known malicious input payloads, such as shellcode, C# assemblies or portable executables (PE).
Those inputs are encrypted, and decrypted at runtime by a newly generated non-malicious payload.

This process is known as packing or crypting.

The product is specifically designed to be used by experienced Red Team Operators or Penetration-testers.
It comes with many options to enable custom bypass techniques or to change the behaviour for loading the final payload.
Demo videos of RustPack features can be found on our social media accounts.

Some Features:

  • Each payload looks different, making signature creation more difficult.
  • Userland hooks are bypassed by default for each generated payload.
  • The encryption key is never fully embedded in the final payload but always retrieved at runtime.
    This is good for bypassing emulators or automatic unpacking engines.
  • Encrypted payloads can also be decoupled from the new binary to be loaded remotely at runtime.
  • Multiple Anti-Debug techniques are applied to each payload by default.
  • Environmental Keying and Anti-Sandbox options included.
  • No cloud service. The software is delivered to the customer as a closed source solution.

Evasion options

  • Several AMSI bypass techniques ranging from
    Patching to using Hardware Breakpoints
  • Multiple optional ETW bypasses
  • Support for Module stomping
  • Automated generation of DLL-Sideloading payloads
  • OPSec safe remote injection techniques such as
    ThreadlessInject or a customised Caro-Kann technique

Output formats

  • Unsigned executables (although not recommended to use against some vendors)
  • Dynamic Link Libraries (DLLs)
  • Excel-Addin (XLL)
  • Control Panel Files (CPL)
  • PowerShell scripts
  • More to come...

Vetting Information

This product is dual-use and cannot be sold to just anyone. It is only sold to vetted companies that actually provide Red Teaming or Penetration Testing as a service.
Once you contact us, the vetting process will begin. Any contact from a non-company email account will be completely ignored.

Pricing:

  • 600€ per user per year
  • A minimum of three user licences must be purchased
  • One licence cannot be used on multiple systems

Inquiry / Contact

If you're interested in buying this product, please contact us via E-Mail:












