Discover hasherezade/bootldr_demo Open Source project by @hasherezade

Converts PE into a shellcode

1,976

pe_to_shellcode

Materials for Windows Malware Analysis training (volume 1)

1,911

malware_training_vol1

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

1,806

hollows_hunter

1,659

libpeconv

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

A Pin Tool for tracing API calls etc

917

tiny_tracer

Demos of various injection techniques found in malware

880

demos

771

pe-bear-releases

PE-bear (builds only)

762

dll_to_exe

Converts a DLL into EXE

726

exe_to_dll

Converts a EXE into DLL

Portable Executable parsing library (from PE-bear)

657

bearparser

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

608

process_ghosting

551

mal_unpack

Dynamic unpacker based on PE-sieve

543

process_doppelganging

My implementation of enSilo's Process Doppelganging (PE injection technique)

489

transacted_hollowing

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

457

malware_analysis

Various snippets created during malware analysis

IFL - Interactive Functions List (plugin for IDA Pro)

447

ida_ifl

A more stealthy variant of "DLL hollowing"

392

module_overloading

318

process_overwriting

Yet another variant of Process Hollowing

Persistent IAT hooking application - based on bearparser

313

IAT_patcher

Demos of various (also non standard) persistence methods used by malware

236

persistence_demos

ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side

214

chimera_pe

208

shellconv

Small tool for disassembling shellcode (using objdump)

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

144

masm_shc

Set of antianalysis techniques found in malware

136

antianalysis_demos

Password scrambler - a deterministic password re-generator (alternative to a password manager)

119

password_scrambler

A simple commandline injector using classic DLL injection

118

dll_injector

Parsers for custom malware formats ("Funky malware formats")

114

funky_malware_formats

A process overwriting its own PEB to make an illusion that it has been loaded from a different path.

process_chameleon

mal_unpack_drv

MalUnpack companion driver

Set of my small utils related to cryptography, encoding, decoding etc

crypto_utils

ViDi Visual Disassembler (experimental)

ViDi

Small visualizator for PE files

pe2pic

An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

pin_n_sieve

A small library helping to parse commandline parameters (for C/C++)

paramkit

Application for cracking Red Petya key based on genetic algorithms.

petya_recovery

A decoder for Petya victim keys, using the Janus' masterkey.

petya_key

A ready-made template for a project based on libpeconv.

libpeconv_tpl

Small tool to convert beteween the PE alignments (raw and virtual).

pe_unmapper

Various scripts helpful in sorting collections of malware samples.

flareon2019

Flare-On solutions

mal_sort

Golang bindings for PE-sieve

pesieve-go

IAT_patcher_samples

Sample libraries to be used with IAT Patcher

A set of small utilities, helpers for PIN tracers

pe_utils

Parser for a custom executable format from Hidden Bee malware (first stage)

hidden_bee_tools

mal_unpack_py

Python wrappers for mal_unpack

Archive of ransomware decryptors

decryptors_archive

My small projects writen in 16 bit asm (NOTE: those are my practice projects that I wrote when I was 15, I give no warranty for this code!)

flareon2022

JavaScript

asm16_projects

tag_converter

Application for random attack on Green Petya's key

petya_green

A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.

metasploit_modules

My metasploit modules

Ruby

loaderine

jpassword_scrambler

Small utility to generate complicated passwords - version with GUI

Java

bunitu_tests

Scripts for communication with Bunitu Trojan C&Cs

Decoders for 7ev3n ransomware

7ev3n_decoders

A template for projects using both libPeConv and MS Detours

libpeconv_and_detours_tpl

Signature finder (from PE-bear)

sig_finder

A CMake template for projects using MS Detours

detours_cmake_tpl

CMake

passcrambler

https://hasherezade.github.io/passcrambler/

JavaScript

challs

My solutions for random crackmes and other challenges

My solutions for HackSys Extreme Vulnerable Driver

wke_exercises

drawings

Some of my drawings

pe_recovery_tools

A placeholder repository

hasherezade.github.io

My projects' homepage

HTML

mastercoder2014

My solutions

Demo projects and utilities made with the help of libPeConv

libpeconv_demo

External tests for bearparser

bearparser_tests

A ready-made template for a new project based on libPeConv library

libpeconv_wrappers

A template for a project using ParamKit

hasherezade

paramkit_tpl