Discover @hasherezade Open Source projects

@hasherezade

hasherezade

Stars
21,413
Global Rank 691 (Top 0.03 %)
Followers 4,979
Following 27
Registered over 11 years ago
Most used languages

C++
52.2 %

C
17.4 %

Python
13.0 %

Assembly
7.2 %

JavaScript
2.9 %

HTML
1.4 %

Java
1.4 %

Ruby
1.4 %

CMake 1.4 %

Go
1.4 %
Location 🇵🇱 Poland
Country Total Rank 8
Country Ranking

Assembly
1

C++
1

C
2

CMake 7

Python
20

Go
96

Ruby
218

HTML
299

Java
488

JavaScript
563

pe-bear

Portable Executable reversing tool with a friendly GUI

pe_to_shellcode

Converts PE into a shellcode

malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

libpeconv

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

tiny_tracer

A Pin Tool for tracing API calls etc

demos

Demos of various injection techniques found in malware

pe-bear-releases

PE-bear (builds only)

dll_to_exe

Converts a DLL into EXE

exe_to_dll

Converts a EXE into DLL

bearparser

Portable Executable parsing library (from PE-bear)

process_ghosting

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

mal_unpack

Dynamic unpacker based on PE-sieve

process_doppelganging

My implementation of enSilo's Process Doppelganging (PE injection technique)

transacted_hollowing

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

malware_analysis

Various snippets created during malware analysis

ida_ifl

IFL - Interactive Functions List (plugin for IDA Pro)

module_overloading

A more stealthy variant of "DLL hollowing"

process_overwriting

Yet another variant of Process Hollowing

IAT_patcher

Persistent IAT hooking application - based on bearparser

persistence_demos

Demos of various (also non standard) persistence methods used by malware

chimera_pe

ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side

shellconv

Small tool for disassembling shellcode (using objdump)

masm_shc

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

antianalysis_demos

Set of antianalysis techniques found in malware

password_scrambler

Password scrambler - a deterministic password re-generator (alternative to a password manager)

dll_injector

A simple commandline injector using classic DLL injection

funky_malware_formats

Parsers for custom malware formats ("Funky malware formats")

process_chameleon

A process overwriting its own PEB to make an illusion that it has been loaded from a different path.

mal_unpack_drv

MalUnpack companion driver

crypto_utils

Set of my small utils related to cryptography, encoding, decoding etc

ViDi

ViDi Visual Disassembler (experimental)

pe2pic

Small visualizator for PE files

pin_n_sieve

An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

paramkit

A small library helping to parse commandline parameters (for C/C++)

petya_recovery

Application for cracking Red Petya key based on genetic algorithms.

petya_key

A decoder for Petya victim keys, using the Janus' masterkey.

libpeconv_tpl

A ready-made template for a project based on libpeconv.

pe_unmapper

Small tool to convert beteween the PE alignments (raw and virtual).

flareon2019

Flare-On solutions

mal_sort

Various scripts helpful in sorting collections of malware samples.

pesieve-go

Golang bindings for PE-sieve

IAT_patcher_samples

Sample libraries to be used with IAT Patcher

pe_utils

A set of small utilities, helpers for PIN tracers

hidden_bee_tools

Parser for a custom executable format from Hidden Bee malware (first stage)

mal_unpack_py

Python wrappers for mal_unpack

decryptors_archive

Archive of ransomware decryptors

flareon2022

asm16_projects

My small projects writen in 16 bit asm (NOTE: those are my practice projects that I wrote when I was 15, I give no warranty for this code!)

tag_converter

petya_green

Application for random attack on Green Petya's key

bootldr_demo

Demo bootloaders - created just for fun

metasploit_modules

My metasploit modules

loaderine

A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.

jpassword_scrambler

Small utility to generate complicated passwords - version with GUI

beardisasm

A wrapper for capstone for bearparser

bunitu_tests

Scripts for communication with Bunitu Trojan C&Cs

7ev3n_decoders

Decoders for 7ev3n ransomware

libpeconv_and_detours_tpl

A template for projects using both libPeConv and MS Detours

sig_finder

Signature finder (from PE-bear)

detours_cmake_tpl

A CMake template for projects using MS Detours

passcrambler

https://hasherezade.github.io/passcrambler/

challs

My solutions for random crackmes and other challenges

wke_exercises

My solutions for HackSys Extreme Vulnerable Driver

drawings

Some of my drawings

pe_recovery_tools

A placeholder repository

hasherezade.github.io

My projects' homepage

mastercoder2014

libpeconv_demo

Demo projects and utilities made with the help of libPeConv

bearparser_tests

External tests for bearparser

libpeconv_wrappers

A ready-made template for a new project based on libPeConv library

hasherezade

paramkit_tpl

A template for a project using ParamKit

pesieve_tests

External tests for PE-sieve