
# Rust For Offensive Security

<figure><img src="/files/HVLrdjCgb0jQfA7irInU" alt=""><figcaption></figcaption></figure>

{% embed url="<https://rust-lang.org/>" %}

{% embed url="<https://youtu.be/T_KrYLW4jw8?si=odoujltG18UC46s0>" %}

*I love coding at the **"bare metal"** level where software meets hardware. When I*\
*started switching my security and exploit development from C/C++ to Rust, I*\
*realized it wasn't just about memory safety; it was actually a game-changer for*\
*staying under the radar. Because of how Rust compiles and manages its code, it has a*\
*natural advantage in bypassing modern AV and EDR systems that are specifically*\
*tuned to catch older C-based attack patterns.*

*I’ve used these **"superpowers"** to build reliable tools for red teaming and security*\
*research. While I keep my most sensitive "secret sauce" tooling private (if you're in*\
*the red team space, you definitely know the drill), I’ve shared several projects on*\
*GitHub. These public repos serve as an educational deep dive into why Rust is now*\
*my go-to language for building modern security tools.*

*That said, evasion is a moving target. Something that slips through today might get*\
*caught tomorrow. The real value here is understanding the fundamentals and the*\
*concepts behind why these techniques work.*

*Along the way, we'll build some solid tooling and projects together. No strict*\
*prerequisites are needed, but if you've already got some **pentesting or red team***\
*experience, it'll give you a big head start.*\
*Alright, enough intro; let's jump straight into it.*

## **Why Rust!?**

<figure><img src="/files/F8DIOwgiCJ4u0xOKXjoz" alt=""><figcaption></figcaption></figure>

*Rust has blown up in popularity because it nails three things that were quite challenging to get all at once:*

1. *Rock-solid memory safety without a garbage collector*
2. *Performance that's right up there with C and C++*
3. *Concurrency support that actually lets you write multithreaded code without constant fear of data races or weird bugs*

*The Rust compiler catches tons of nasty issues: **null dereferences, buffer overflows, use-after-free, race conditions, and more**, all at compile time, before your code even runs.*

*For **red teamers** and anyone building offensive tooling, Rust has become a very attractive language. It provides low-level control similar to C/C++ while dramatically reducing common memory safety issues.*

*In traditional exploit tooling written in C, bugs such as **buffer overflows, use-after-free, or double-free conditions** can easily cause unstable payloads or crashes during execution. Rust’s ownership and borrowing system forces strict compile-time guarantees around memory access, which often results in more stable binaries and fewer unexpected runtime failures.*
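*The contrast described above, as an added example that is not part of the original post: a length-prefixed record parser where a lying length field yields `None` through a bounds check instead of an out-of-bounds read, and a drop counter showing that a moved value is freed exactly once. The record format and the names `read_record`, `Tracked` and `drops_after_moves` are assumptions made for illustration.*

```rust
use std::cell::Cell;
use std::rc::Rc;

/// Parse a constructed record format: [len: u8][payload: len bytes].
/// Trusting `len` in C is a classic over-read; `get` returns None instead.
fn read_record(buf: &[u8]) -> Option<&[u8]> {
    let (&len, rest) = buf.split_first()?; // None on an empty buffer
    rest.get(..len as usize) // None when `len` exceeds the remaining bytes
}

/// Hypothetical resource that counts how many times it is released.
struct Tracked {
    drops: Rc<Cell<u32>>,
}

impl Drop for Tracked {
    fn drop(&mut self) {
        self.drops.set(self.drops.get() + 1);
    }
}

/// Takes ownership; the value is released when `_t` goes out of scope.
fn consume(_t: Tracked) {}

/// Moves one value through several owners and reports how often it was freed.
fn drops_after_moves() -> u32 {
    let counter = Rc::new(Cell::new(0));
    let a = Tracked { drops: Rc::clone(&counter) };
    let b = a; // ownership moves; `a` can no longer be used
    consume(b); // freed exactly once, at the end of `consume`
    // consume(b); // rejected at compile time: use of moved value (E0382)
    counter.get()
}

fn main() {
    let honest = [3u8, b'a', b'b', b'c', b'x']; // constructed sample input
    let lying = [200u8, b'a', b'b']; // declared length exceeds the data
    println!("{:?}", read_record(&honest)); // Some([97, 98, 99])
    println!("{:?}", read_record(&lying)); // None
    println!("freed {} time(s)", drops_after_moves());
}
```

*Uncommenting the second `consume(b)` call makes the build fail, which is how a double release is stopped before a binary exists.*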

{% embed url="<https://systemweakness.com/rust-vs-c-how-are-vulnerabilities-different-9731194eb3db>" %}

*The power of Rust is best demonstrated by its massive industry adoption. AWS built its Firecracker micro-VM with Rust to safely run millions of Lambda and Fargate workloads with minimal overhead. Microsoft is actively rewriting core Windows kernel components and drivers in Rust to eliminate decades-old memory vulnerabilities.*

*Google has integrated it into the Android Open Source Project for secure media processing. Meta utilized it to rebuild internal source control tools to handle massive codebases with faster concurrency. Discord switched its backend services from Go to Rust to solve latency spikes. Cloudflare replaced NGINX with its Rust-based Pingora proxy to slash CPU usage. Dropbox overhauled its sync engine to improve cross-platform reliability.*

{% embed url="<https://rust.code-maven.com/companies>" %}

## Threat Actors Using Rust to Deploy Malware

<figure><img src="/files/GmMv3gDWdRbQdcm8BxK8" alt=""><figcaption></figcaption></figure>

**On the flip side, threat actors** have noticed these exact same benefits.

*Check Point reported a surge in Rust-based malware in real-world campaigns. Because Rust compiles to highly efficient native code, it is naturally harder for some traditional analysis tools to pick apart quickly.*

{% embed url="<https://blog.checkpoint.com/research/global-cyber-threats-july-snapshot-of-an-accelerating-crisis>" %}

<figure><img src="/files/6InK4gu85aDSm2k0ELkJ" alt=""><figcaption></figcaption></figure>

*A prime example is the recent activity by **SloppyLemming** (an India-nexus actor). They have expanded their arsenal to include custom Rust-based keyloggers with advanced reconnaissance capabilities, such as port scanning and network enumeration. By using Rust, they deliver high-performance, cross-platform malware that targets critical infrastructure and government entities while significantly complicating the task for defenders attempting to reverse-engineer their tools.*

{% embed url="<https://arcticwolf.com/resources/blog/sloppylemming-deploys-burrowshell-and-rust-based-rat-to-target-pakistan-and-bangladesh/>" %}

*The trend extends heavily into the ransomware landscape as well. The Luna Ransomware was one of the early examples utilizing Rust’s cross-platform capabilities to simultaneously target Windows, Linux, and ESXi systems.*

<figure><img src="/files/oU27tVF3AuWwZsx7Skf5" alt=""><figcaption></figcaption></figure>

{% embed url="<https://www.elastic.co/security-labs/luna-ransomware-attack-pattern>" %}

<figure><img src="/files/TItTCE9B40UOIwirrOdc" alt=""><figcaption></figcaption></figure>

*This was followed by **RansomExx2** (developed by Hive0091), a rewrite of the original RansomExx in Rust to improve Linux-based targeting. Furthermore, the Agenda (Qilin) group has used Rust variants to implement sophisticated strategies like intermittent encryption, which evades detection and accelerates the encryption process.*

{% embed url="<https://www.ibm.com/think/x-force/ransomexx-upgrades-rust>" %}

*These cases prove that Rust is no longer just for legitimate developers; it is becoming a go-to choice for modern, high-impact offensive operations.*

## Getting Started: Installing and Configuring Rust

*Although the Rust Playground is a great way to learn Rust and experiment with code quickly, I’ll also include the relevant URL and usage guidance for beginners who want hands-on experience without installing anything locally.*

{% embed url="<https://play.rust-lang.org/?edition=2024&mode=debug&version=stable>" %}

*That said, I strongly recommend installing Rust natively in your environment, whether you use **Windows, Linux, or macOS**, since it gives you far more flexibility to build, tweak, debug, and explore projects in depth. Working locally also provides a more realistic development workflow, especially for low-level systems programming and security research where direct access to your tooling and environment configuration matters.*

*We’ll begin by installing the Rust programming language using the official `rustup` installer, which also provides Cargo, Rust’s built-in package manager and build system.*

<figure><img src="/files/mUjgFSaDnbP1YEyqZNeL" alt=""><figcaption></figcaption></figure>

{% embed url="<https://rust-lang.org/tools/install/>" %}

*After the installation is complete, verify that Rust was installed correctly by running the following command in your terminal or command prompt:*

```
rustc --version
```

<figure><img src="/files/w2TOuRw3ujya0c44rIVz" alt=""><figcaption></figcaption></figure>

*After that, we’ll set up **Visual Studio Code (VSCode)**, one of the most widely used editors.*

<figure><img src="/files/LiTGPmXWQycAzLrYaqjA" alt=""><figcaption></figcaption></figure>

{% embed url="<https://code.visualstudio.com/>" %}

*Finally, we’ll install the `rust-analyzer` extension to enable powerful IDE features such as intelligent code completion, inline diagnostics, type hints, and debugging support.*

<figure><img src="/files/RaY3Ub1t1r5dLLWZBjOT" alt=""><figcaption></figcaption></figure>

*Once your Rust toolchain is installed and configured, you will also need to install the **Microsoft C++ Build Tools** if you are on Windows.*

<figure><img src="/files/HuJEaHA4R0kacjfVKaAp" alt="" width="534"><figcaption></figcaption></figure>

{% embed url="<https://visualstudio.microsoft.com/visual-cpp-build-tools/>" %}

*In the installer, choose the **“Desktop development with C++”** workload. You do not need the full Visual Studio IDE, only the required build tools.*

*Make sure the following components are selected (they are usually enabled by default):*

* ***MSVC v143 – VS 2022 C++ x64/x86 build tools** (or the latest available version)*
* ***Windows 10 SDK** or **Windows 11 SDK** (latest version available)*
* ***C++ CMake tools for Windows** (optional, but recommended)*

*After confirming the selections, click **Install**. The download and installation size is typically around **6–8 GB**, so the process may take some time depending on your internet speed and system performance.*

*Once finished, **restart your computer** (or at least restart your terminal/PowerShell) so Rust can detect the linker properly.*

*Now that your Rust environment is fully set up, it’s time to write your first Rust program: **Hello World.***

## Writing and Running Your First Rust Program

*You can follow along using the Rust Playground or your own local development environment. For this demonstration, I’ll be using a local setup to show how to write and run a simple **“Hello, World!”** program in Rust.*

### Step 1: Create a New Rust Project

*Open your terminal (or PowerShell on Windows) and run the following commands to create a new “Hello, World!” Rust project:*

```
cargo new hello_world
cd hello_world
```

<figure><img src="/files/6zcJw4z9IuQKTJteP5Uj" alt=""><figcaption></figcaption></figure>

### Step 2: Write the Code

<figure><img src="/files/0Yci8Xwr8raA06gjh5cz" alt=""><figcaption></figcaption></figure>

*Open **src/main.rs**; it already contains:*

```
fn main() {
    println!("Hello, world!");
}
```

<figure><img src="/files/jVvd7cvlts8fCSlyebpZ" alt=""><figcaption></figcaption></figure>

*That’s literally all you need! In the next part, we will explore the fundamentals of **Rust syntax**.*


