hasherezade's repositories
pe_to_shellcode
Converts a PE into shellcode
exe_to_dll
Converts an EXE into a DLL
dll_to_exe
Converts a DLL into an EXE
pe-bear-releases
PE-bear (builds only)
process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
malware_analysis
Various snippets created during malware analysis
IAT_patcher
Persistent IAT hooking application - based on bearparser
persistence_demos
Demos of various (also non-standard) persistence methods used by malware
chimera_pe
ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
dll_injector
A simple command-line injector using classic DLL injection
antianalysis_demos
Set of anti-analysis techniques found in malware
password_scrambler
Password scrambler - a deterministic password re-generator (alternative to a password manager)
pe_unmapper
Small tool to convert between the PE alignments (raw and virtual).
mal_unpack_py
Python wrappers for mal_unpack
IAT_patcher_samples
Sample libraries to be used with IAT Patcher
detours_cmake_tpl
A CMake template for projects using MS Detours
beardisasm
A wrapper for capstone for bearparser
libpeconv_and_detours_tpl
A template for projects using both libPeConv and MS Detours
SweetDreams
Implementation of Advanced Module Stomping and Heap/Stack Encryption
bearparser_tests
External tests for bearparser
pesieve_tests
External tests for PE-sieve
paramkit_tpl
A template for a project using ParamKit