hasherezade

Location: Poland

Home Page: https://hasherezade.net

Twitter: @hasherezade

hasherezade's repositories

pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Language: C++ | License: BSD-2-Clause | Stargazers: 2853 | Issues: 103 | Issues: 90

pe-bear

Portable Executable reversing tool with a friendly GUI

Language: C++ | License: GPL-2.0 | Stargazers: 2353 | Issues: 41 | Issues: 28

pe_to_shellcode

Converts a PE into shellcode

Language: C++ | License: BSD-2-Clause | Stargazers: 2167 | Issues: 55 | Issues: 38

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Language: C | License: BSD-2-Clause | Stargazers: 1838 | Issues: 64 | Issues: 15

exe_to_dll

Converts an EXE into a DLL

tiny_tracer

A Pin tool for tracing API calls, etc.

libpeconv

A library to load, manipulate, and dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

Language: C++ | License: BSD-2-Clause | Stargazers: 1040 | Issues: 37 | Issues: 41

dll_to_exe

Converts a DLL into an EXE

bearparser

Portable Executable parsing library (from PE-bear)

Language: C++ | License: BSD-2-Clause | Stargazers: 631 | Issues: 39 | Issues: 17

mal_unpack

Dynamic unpacker based on PE-sieve

Language: C | License: BSD-2-Clause | Stargazers: 623 | Issues: 29 | Issues: 3

process_ghosting

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

transacted_hollowing

Transacted Hollowing - a PE injection technique, a hybrid between Process Hollowing and Process Doppelgänging

Language: C | License: MIT | Stargazers: 481 | Issues: 20 | Issues: 4

process_overwriting

Yet another variant of Process Hollowing

module_overloading

A more stealthy variant of "DLL hollowing"

antianalysis_demos

A set of anti-analysis techniques found in malware

crypto_utils

A set of my small utilities related to cryptography, encoding, decoding, etc.

pe2pic

A small visualizer for PE files

paramkit

A small library that helps parse command-line parameters (for C/C++)

Language: C++ | Stargazers: 54 | Issues: 9 | Issues: 0

pin_n_sieve

An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

Language: C++ | Stargazers: 53 | Issues: 6 | Issues: 0

libpeconv_tpl

A ready-made template for a project based on libpeconv.

Language: C++ | Stargazers: 42 | Issues: 7 | Issues: 0

hidden_bee_tools

Parser for the custom executable format used by the Hidden Bee malware (first stage)

Language: C++ | Stargazers: 41 | Issues: 6 | Issues: 0

pesieve-go

Golang bindings for PE-sieve

Language: Go | Stargazers: 37 | Issues: 3 | Issues: 0

pe_utils

A set of small utilities and helpers for Pin tracers

mal_unpack_py

Python wrappers for mal_unpack

sig_finder

Signature finder (from PE-bear)

Language: C++ | License: BSD-2-Clause | Stargazers: 25 | Issues: 3 | Issues: 0

Language: Python | Stargazers: 22 | Issues: 3 | Issues: 0

libpeconv_and_detours_tpl

A template for projects using both libPeConv and MS Detours

Language: C++ | Stargazers: 14 | Issues: 4 | Issues: 0

hasherezade.github.io

My projects' homepage

Language: HTML | Stargazers: 9 | Issues: 4 | Issues: 0

SweetDreams

Implementation of Advanced Module Stomping and Heap/Stack Encryption

Language: C++ | License: BSD-3-Clause | Stargazers: 7 | Issues: 1 | Issues: 0