Anthropic-Cybersecurity-Skills/skills/reverse-engineering-rust-malware/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00


# API Reference: Reverse Engineering Rust Malware
## Rust Binary Indicators
| Indicator | Pattern | Description |
|-----------|---------|-------------|
| Panic strings | `panicked at` | Rust panic handler messages |
| Unwrap failure | `called.*unwrap.*on.*None` | Option/Result unwrap |
| Core panic | `core::panicking` | Standard library panic |
| Runtime start | `std::rt::lang_start` | Rust runtime entry point |
| Cargo registry | `.cargo/registry` | Crate dependency paths |
| Rustc version | `rustc X.Y.Z` | Compiler version string |
## Crate Extraction Pattern
| Pattern | Example Match |
|---------|---------------|
| `crates.io-<hash>/<name>-<ver>` | `crates.io-abc123/reqwest-0.11.22` |
| `.cargo/registry/src/<index>/<name>-<ver>` | `.cargo/registry/src/index.crates.io/aes-0.8.3` |
## Suspicious Crate Capabilities
| Crate | Capability | Malware Use |
|-------|-----------|-------------|
| reqwest / hyper | HTTP client | C2 communication |
| aes / chacha20 / rsa | Encryption | Ransomware encryption |
| ring | Crypto primitives | Key generation |
| winapi / winreg | Windows API | Persistence, injection |
| sysinfo | System info | Host enumeration |
| native-tls | TLS | Encrypted C2 channel |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `re` | stdlib | Pattern matching for Rust indicators |
| `struct` | stdlib | PE header parsing |
| `hashlib` | stdlib | SHA256 sample hashing |
| `json` | stdlib | Report generation |
## References
- Ghidra: https://ghidra-sre.org/
- Binary Defense Rust Analysis: https://binarydefense.com/resources/blog/
- Bishop Fox Rust Malware: https://bishopfox.com/blog/rust-for-malware-development