hasherezade's repositories
pe_to_shellcode
Converts a PE into shellcode
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
exe_to_dll
Converts an EXE into a DLL
tiny_tracer
A Pin tool for tracing API calls, etc.
dll_to_exe
Converts a DLL into an EXE
pe-bear-releases
PE-bear (builds only)
bearparser
Portable Executable parsing library (from PE-bear)
mal_unpack
Dynamic unpacker based on PE-sieve
process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
transacted_hollowing
Transacted Hollowing - a PE injection technique, a hybrid between Process Hollowing and Process Doppelgänging
process_overwriting
Yet another variant of Process Hollowing
module_overloading
A more stealthy variant of "DLL hollowing"
antianalysis_demos
Set of anti-analysis techniques found in malware
crypto_utils
Set of my small utils related to cryptography, encoding, decoding, etc.
pin_n_sieve
An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
libpeconv_tpl
A ready-made template for a project based on libpeconv.
hidden_bee_tools
Parser for a custom executable format from Hidden Bee malware (first stage)
pesieve-go
Golang bindings for PE-sieve
mal_unpack_py
Python wrappers for mal_unpack
sig_finder
Signature finder (from PE-bear)
libpeconv_and_detours_tpl
A template for projects using both libPeConv and MS Detours
hasherezade.github.io
My projects' homepage
SweetDreams
Implementation of Advanced Module Stomping and Heap/Stack Encryption