Black-Hat-Zig: Zig for Malware Development and Red Teaming

Hello hackers. Hello maldevs. Hello reversers. Nice to see you here to explore the dark power of Zig!

• Intro
• Why Zig?
• Compiling the codes
• Payload Placement
• Payload Obfuscation
• Payload Encryption
• Payload Execution
• Reverse Shell
• Malware Techniques
• Maldev Tools
• Contribution
• Credits & References
• Star History
• Disclaimer

This project provides many malware techniques implementation using Zig since I'm a huge fan of it. You can use this repo to weaponize Zig. Black-Hat-Zig is continuously updating to make sure it contains as more content as it could. It will be perfect if you want to create a PR for this project.

Okay, let's hack the planet!

• 🤝 Easy to interact with C/C++ source
• 🔎 It's newer, so it's harder to be detect
• 💪 Strongly low level control, even lower than C
• 😱 It's harder to RE because of the modern compiler

You can check the codes inside each directory. Also, if the code uses Windows API, you will see the hint in the corresponding project directory README.md, for example, this one.

I've already set the corresponding default building target to windows-x86_64 for those needed a Windows API, so you can easily copy & paste the following command to compile the code wherever you are on Linux, Windows, even MacOS! (But you still need a Windows environment to run the executables)

Techniques to place malicious payloads in various sections of an executable file.

• .data Section
• .rdata Section
• .text Section
• .rsrc Section

Obfuscation techniques to disguise payloads and avoid detection through static analysis or pattern matching.

• IP Address Obfuscation
  • IPv4 Obfuscation
  • IPv4 Deobfuscation
  • IPv6 Obfuscation
  • IPv6 Deobfuscation
• MAC Address Obfuscation
  • MAC Address Obfuscation
  • MAC Address Deobfuscation
• UUID Obfuscation
  • UUID Obfuscation
  • UUID Deobfuscation

Various encryption schemes used to hide the real intent of a payload during storage or transmission.

• XOR Encryption
  • XOR With Standard Library
• RC4 Encryption
  • RC4 With SystemFunction032
• AES Encryption
  • AES With Bcrypt.h
  • AES With Standard Library
  • AES With TinyAES

• DLL
• Shellcode

Primitives for establishing reverse shells for C2 access or post-exploitation control.

• Reverse Shell With Standard Library

A collection of common offensive tradecraft techniques adapted to Zig.

• Process Injection
  • DLL Injection
  • Shellcode Injection
• Payload Staging
  • From Web Server
  • From Windows Registry

• ZYRA: Your Runtime Armor
  • An executable packer written in Zig
• ZYPE: Your Payload Encryptor
  • Generate a code template in Zig containing your encrypted/obfuscated payload and the corresponding decrypting/deobfuscating function.

This project is currently maintained by @CX330Blake. PRs are welcomed. Hope there's more people use Zig for malware developing so the ecosystem will be more mature.

• Maldev Academy
• OffensiveNim

This project is for ethical and educational purpose only. Don't be a cyber criminal.