About Me

Hello, world;

Welcome to my blog! I’m a passionate programmer with a keen interest in malware development and red team operations. My goal is to specialise in malware development, either as part of a team of security researchers or as a malware specialist on a sophisticated red team.

This blog is my personal knowledge base, a place where I can keep track of my progress and share some cool stuff I’ve been working on. Whether you’re new to this field or you’ve been around the block a few times, I hope you’ll find something interesting or useful here.

Feel free to check out my GitHub and YouTube channel, where I share my own projects and material. I’m excited to contribute my unique content to the cybersecurity community.

Modern malware development is in some places adopting Rust and Go, possibly due to the current challenges in accurately decompiling them, and Rust’s capabilities are somewhat comparable to C++ (in that it is a systems programming language). My main drivers for malware development (legal & ethical) and offensive engineering are C and C++, mainly due to their smaller runtime & size. However, I am also learning and gaining expertise in Rust and Go.

Rust offers advantages for higher-level programming, such as improved ergonomics and reduced memory errors, while maintaining full interoperability with C libraries through its Foreign Function Interface, eliminating the need to rewrite C-based frameworks. This makes Rust an excellent platform for ensuring the reliability of offensive engagements. Threat actors are observed developing Go-based malware; whilst a Go binary can serve as a post-exploitation framework (such as second stage payloads - Sliver is written in Go), I will not be using Go for implant development, and instead, I’ll be using it for web technology (such as C2 or any old infrastructure used in engagements).

While previously I have favoured using Rust over C++ for both the higher and lower-level parts of malware development, it is becoming clear, as I gain more experience with Rust, that it is essentially C++ with extra (convoluted) steps when it comes to the lower-level operations we need to perform as offensive engineers.

C++, Rust, Go, Python, C#, etc., are all tools in the toolbox of a modern offensive security engineer/red teamer. As I am more interested in Windows internals and the “nitty-gritty” stages of the cyber kill chain, I focus on C/C++ and Rust for the bulk of my skill set, while maintaining general skills in higher-level, less niche areas, with Go, Python, etc.

Highlights

See my blog post highlights below:

  1. Hells Gate Rust - EDR Evasion with syscalls
  2. EDR Evasion ETW patching in Rust
  3. Remote process DLL injection in Rust
  4. An introduction to adversary emulation with a dotnet stealer and a Go c2 server
  5. Str Crypter - Payload string encryption with Rust
  6. Sanctum EDR (Introduction post) - a Rust EDR proof of concept I am building

Contact and Collaboration

I am always open to connecting with fellow cybersecurity professionals. Whether you have a project idea, need collaboration, or just want to discuss the latest trends in malware development, feel free to reach out. You can contact me via my Twitter, or email me at fluxsec@proton.me. I am more than happy to collaborate; however, I will only respond to legitimate, legal, and ethical requests. No exceptions: we are here on this planet to leave it a better place than we found it.

Any content posted here is for ethical purposes only. I do not condone the use of offensive cyber security for any purpose which breaks the law or harms others, and I do not condone or permit any user to take learning or code samples from this blog and use them for illegal or ethically questionable activity. This blog is strictly for educational purposes, and for the furthering of my own knowledge.

You may NOT under any circumstance use any code, theory, or information from my blog in a manner which is illegal, unethical, or that harms any living being. You may not use any code or information from this blog to do anything on a system for which you do not have the full, explicit permission of the system owner. I cannot be held responsible for the actions of others who consume this information. I post these blogs specifically to help encourage and motivate people to learn offensive cyber security for the greater good of society and our cyber defences. I am also blogging to document my growth and to consolidate learning.

Why do I like offensive security? In my opinion it significantly enhances defensive security strategies over time. Think about it: offensive cyber provides invaluable insights into the mindset, techniques, and tools used by attackers, enabling us to anticipate and counteract potential threats more effectively. By understanding the vulnerabilities and attack vectors that the big bads exploit, we can proactively identify and fortify weaknesses in our systems before they are compromised. It also allows for the development of more robust and resilient security architectures, policies, and response protocols.