Hello hackers. Hello maldevs. Hello reversers. Nice to see you here to explore the dark power of Zig!
- Intro
- Why Zig?
- Compiling the codes
- Payload Placement
- Payload Obfuscation
- Payload Encryption
- Payload Execution
- Reverse Shell
- Malware Techniques
- Maldev Tools
- Contribution
- Credits & References
- Star History
- Disclaimer
Important
This project is continuously updating!
This project provides many malware techniques implementation using Zig since I'm a huge fan of it. You can use this repo to weaponize Zig. Black-Hat-Zig is continuously updating to make sure it contains as more content as it could. It will be perfect if you want to create a PR for this project.
Okay, let's hack the planet!
- 🤝 Easy to interact with C/C++ source
- 🔎 It's newer, so it's harder to be detect
- 💪 Strongly low level control, even lower than C
- 😱 It's harder to RE because of the modern compiler
You can check the codes inside each directory. Also, if the code uses Windows API, you will see the hint in the corresponding project directory README.md, for example, this one.
I've already set the corresponding default building target to windows-x86_64 for those needed a Windows API, so you can easily copy & paste the following command to compile the code wherever you are on Linux, Windows, even MacOS! (But you still need a Windows environment to run the executables)
zig buildTechniques to place malicious payloads in various sections of an executable file.
Obfuscation techniques to disguise payloads and avoid detection through static analysis or pattern matching.
Various encryption schemes used to hide the real intent of a payload during storage or transmission.
Primitives for establishing reverse shells for C2 access or post-exploitation control.
A collection of common offensive tradecraft techniques adapted to Zig.
- ZYRA: Your Runtime Armor
- An executable packer written in Zig
- ZYPE: Your Payload Encryptor
- Generate a code template in Zig containing your encrypted/obfuscated payload and the corresponding decrypting/deobfuscating function.
This project is currently maintained by @CX330Blake. PRs are welcomed. Hope there's more people use Zig for malware developing so the ecosystem will be more mature.
This project is for ethical and educational purpose only. Don't be a cyber criminal.