
Highlights

  • Arctic Code Vault Contributor
  • Pro

Popular repositories

  1. Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

    C++ 1.3k 217

  2. Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

    C 648 106

  3. Converts PE into a shellcode

    Assembly 586 166

  4. Demos of various injection techniques found in malware

    C 557 153

  5. Converts a DLL into EXE

    C++ 497 123

  6. A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

    C++ 408 96

1,667 contributions in the last year


Contribution activity

October 2020

Created an issue in hasherezade/pe-bear-releases that received 1 comment

Invalid RVA -> VA conversion in "go to raw"

The raw address is correctly converted to RVA: However, if we choose conversion to VA, the image base is (mistakenly) added to the raw address, in…

39 contributions in private repositories Oct 12 – Oct 22
