39 open source projects by hasherezade

My implementation of enSilo's Process Doppelganging (PE injection technique)

Persistent IAT hooking application - based on bearparser

ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side

Small tool for disassembling shellcode (using objdump)

Demos of various (also non standard) persistence methods used by malware

A more stealthy variant of "DLL hollowing"

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Helper tools for recovering dumped PE files

Password scrambler - small util to make your easy passwords complicated!

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

ViDi Visual Disassembler (experimental)

A process overwriting its own PEB to make an illusion that it has been loaded from a different path.

Application for cracking Red Petya key based on genetic algorithms.

Application for random attack on Green Petya's key

Scripts for communication with Bunitu Trojan C&Cs

Converts PE into a shellcode

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Demos of various injection techniques found in malware

Converts a DLL into EXE

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

Portable Executable parsing library (from PE-bear)

Various snippets created during malware analysis

A Pin Tool for tracing API calls etc

Converts a EXE into DLL

IFL - Interactive Functions List (plugin for IDA Pro)

Flare-On solutions

A ready-made template for a project based on libpeconv.

A decoder for Petya victim keys, using the Janus' masterkey.

Set of antianalysis techniques found in malware

Various scripts helpful in sorting collections of malware samples.

Sample libraries to be used with IAT Patcher

Parsers for custom malware formats ("Funky malware formats")

A simple commandline injector using classic DLL injection

My small projects writen in 16 bit asm (NOTE: those are my practice projects that I wrote when I was 15, I give no warranty for this code!)

An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

MalUnpack companion driver

Set of my small utils related to cryptography, encoding, decoding etc

A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.

No description, website, or topics provided.