hasherezade's repositories
pe_to_shellcode
Converts PE into a shellcode
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
tiny_tracer
A Pin Tool for tracing API calls etc
exe_to_dll
Converts an EXE into a DLL
mal_unpack
Dynamic unpacker based on PE-sieve
bearparser
Portable Executable parsing library (from PE-bear)
malware_analysis
Various snippets created during malware analysis
process_overwriting
Yet another variant of Process Hollowing
thread_namecalling
Process Injection using Thread Name
waiting_thread_hijacking
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
mal_unpack_drv
MalUnpack companion driver
crypto_utils
Set of my small utils related to cryptography, encoding, decoding etc
pin_n_sieve
An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
hidden_bee_tools
Parser for the custom executable formats used by the Hidden Bee and Rhadamanthys malware
libpeconv_tpl
A ready-made template for a project based on libpeconv.
sig_finder
Signature finder (from PE-bear)
detours_cmake_tpl
A CMake template for projects using MS Detours
hasherezade.github.io
My projects' homepage
IAT-Tracer
An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files.
bearparser_tests
External tests for bearparser