Multi-Language Verifiers
Rust, Go, .NET, and PowerShell verification
malagent supports multiple languages beyond C++, enabling diverse EDR evasion technique development.
Available Verifiers
| Language | Verifier Class | Target | Cross-Compile |
|---|---|---|---|
| C++ | JointVerifier | Windows MSVC | Remote SSH |
| C++ | MinGWVerifier | Windows MinGW | Local |
| Rust | RustVerifier | Windows x86_64 | Local (cargo) |
| Go | GoVerifier | Windows x86_64 | Local (go build) |
| C#/.NET | DotNetVerifier | Windows .NET | Local (dotnet) |
| PowerShell | PowerShellVerifier | Windows PS1 | N/A (script) |
Rust Verifier
Compiles Rust code to Windows PE executables using Cargo.
Requirements
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Add Windows target (or let malagent do it automatically)
rustup target add x86_64-pc-windows-gnu
# Install MinGW linker
sudo dnf install mingw64-gcc
Configuration
from malagent.verifiers import RustVerifier
verifier = RustVerifier(
timeout=120,
cross_compile=True, # Compile for Windows
auto_install_target=True, # Auto-install target via rustup
binary_cache_dir="./binaries" # Cache compiled binaries
)
Auto Target Installation
If the Windows target isn’t installed, malagent can install it automatically:
verifier = RustVerifier(
cross_compile=True,
auto_install_target=True # Will run: rustup target add x86_64-pc-windows-gnu
)
If rustup isn’t available, falls back to native compilation with a warning.
CLI Usage
malagent raft train --mode mvr --language rust
Go Verifier
Uses Go’s built-in cross-compilation (no external dependencies).
Configuration
from malagent.verifiers import GoVerifier
verifier = GoVerifier(
timeout=60,
cross_compile=True, # GOOS=windows GOARCH=amd64
cgo_enabled=False, # Pure Go (no C dependencies)
binary_cache_dir="./binaries"
)
CLI Usage
malagent raft train --mode mvr --language go
.NET/C# Verifier
Compiles C# code using dotnet publish for Windows.
Requirements
# Install .NET SDK
sudo dnf install dotnet-sdk-8.0
Configuration
from malagent.verifiers import DotNetVerifier
verifier = DotNetVerifier(
timeout=120,
target_framework="net8.0",
self_contained=True, # Bundle .NET runtime
single_file=True, # Single executable output
binary_cache_dir="./binaries"
)
CLI Usage
malagent raft train --mode mvr --language dotnet
PowerShell Verifier
Validates PowerShell scripts. Unlike compiled languages, verification happens via syntax checking.
Validation Modes
| Mode | Description | Requirements |
|---|---|---|
remote | Validate on Windows DEVBOX via SSH | DEVBOX configured |
local | Validate locally with pwsh | PowerShell Core installed |
none | Skip validation | None |
auto | Try remote โ local โ none | Best available |
Remote Validation (Recommended)
Uses the same Windows DEVBOX SSH connection as MSVC:
from malagent.verifiers import PowerShellVerifier
verifier = PowerShellVerifier(
validation_mode="remote", # Use Windows DEVBOX
win_host="10.0.0.152",
win_user="keys",
win_key="/home/user/.ssh/win"
)
Local Validation
Requires PowerShell Core (pwsh):
# Install PowerShell Core on Fedora
sudo dnf install powershell
verifier = PowerShellVerifier(
validation_mode="local"
)
CLI Usage
malagent raft train --mode mvr --language powershell
MinGW Verifier
Cross-compiles C/C++ on Linux using MinGW (no Windows DEVBOX needed).
Requirements
sudo dnf install mingw64-gcc-c++
Configuration
from malagent.verifiers import MinGWVerifier
verifier = MinGWVerifier(
timeout=30,
static_link=True, # Portable binary
binary_cache_dir="./binaries"
)
CLI Usage
malagent raft train --mode mvr --language mingw
Common Options
All verifiers support these base options:
verifier = AnyVerifier(
max_workers=8, # Parallel verification threads
enable_lint=True, # Fast pre-compilation checks
track_metrics=True, # Collect error analytics
log_failed_samples=False, # Store failed samples for analysis
binary_cache_dir="./cache" # Persist compiled binaries
)
See Verifier Features for details on lint, metrics, and caching.