There are no reviews yet. Be the first to send feedback to the community and the maintainers!
pe-bear
Portable Executable reversing tool with a friendly GUIpe_to_shellcode
Converts PE into a shellcodemalware_training_vol1
Materials for Windows Malware Analysis training (volume 1)hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpltiny_tracer
A Pin Tool for tracing API calls etcdemos
Demos of various injection techniques found in malwarepe-bear-releases
PE-bear (builds only)dll_to_exe
Converts a DLL into EXEexe_to_dll
Converts a EXE into DLLbearparser
Portable Executable parsing library (from PE-bear)process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted filemal_unpack
Dynamic unpacker based on PE-sieveprocess_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgängingmalware_analysis
Various snippets created during malware analysisida_ifl
IFL - Interactive Functions List (plugin for IDA Pro)module_overloading
A more stealthy variant of "DLL hollowing"process_overwriting
Yet another variant of Process HollowingIAT_patcher
Persistent IAT hooking application - based on bearparserpersistence_demos
Demos of various (also non standard) persistence methods used by malwarechimera_pe
ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-sideshellconv
Small tool for disassembling shellcode (using objdump)masm_shc
A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.antianalysis_demos
Set of antianalysis techniques found in malwarepassword_scrambler
Password scrambler - a deterministic password re-generator (alternative to a password manager)dll_injector
A simple commandline injector using classic DLL injectionfunky_malware_formats
Parsers for custom malware formats ("Funky malware formats")process_chameleon
A process overwriting its own PEB to make an illusion that it has been loaded from a different path.mal_unpack_drv
MalUnpack companion drivercrypto_utils
Set of my small utils related to cryptography, encoding, decoding etcViDi
ViDi Visual Disassembler (experimental)pe2pic
Small visualizator for PE filespin_n_sieve
An experimental dynamic malware unpacker based on Intel Pin and PE-sieveparamkit
A small library helping to parse commandline parameters (for C/C++)petya_recovery
Application for cracking Red Petya key based on genetic algorithms.petya_key
A decoder for Petya victim keys, using the Janus' masterkey.libpeconv_tpl
A ready-made template for a project based on libpeconv.pe_unmapper
Small tool to convert beteween the PE alignments (raw and virtual).flareon2019
Flare-On solutionsmal_sort
Various scripts helpful in sorting collections of malware samples.pesieve-go
Golang bindings for PE-sieveIAT_patcher_samples
Sample libraries to be used with IAT Patcherpe_utils
A set of small utilities, helpers for PIN tracershidden_bee_tools
Parser for a custom executable format from Hidden Bee malware (first stage)mal_unpack_py
Python wrappers for mal_unpackdecryptors_archive
Archive of ransomware decryptorsflareon2022
asm16_projects
My small projects writen in 16 bit asm (NOTE: those are my practice projects that I wrote when I was 15, I give no warranty for this code!)petya_green
Application for random attack on Green Petya's keybootldr_demo
Demo bootloaders - created just for funmetasploit_modules
My metasploit modulesloaderine
A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.jpassword_scrambler
Small utility to generate complicated passwords - version with GUIbunitu_tests
Scripts for communication with Bunitu Trojan C&Cs7ev3n_decoders
Decoders for 7ev3n ransomwarelibpeconv_and_detours_tpl
A template for projects using both libPeConv and MS Detourssig_finder
Signature finder (from PE-bear)detours_cmake_tpl
A CMake template for projects using MS Detourspasscrambler
https://hasherezade.github.io/passcrambler/challs
My solutions for random crackmes and other challengeswke_exercises
My solutions for HackSys Extreme Vulnerable Driverdrawings
Some of my drawingspe_recovery_tools
A placeholder repositoryhasherezade.github.io
My projects' homepagemastercoder2014
My solutionslibpeconv_demo
Demo projects and utilities made with the help of libPeConvbearparser_tests
External tests for bearparserlibpeconv_wrappers
A ready-made template for a new project based on libPeConv libraryhasherezade
paramkit_tpl
A template for a project using ParamKitpesieve_tests
External tests for PE-sieveLove Open Source and this site? Check out how you can help us