Dynamic unpacker based on PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
My projects' homepage
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_project_template
A more stealthy variant of "DLL hollowing"
Demos of various injection techniques found in malware
ChimeraPE (a type of PE injector; an alternative to RunPE, ReflectiveLoader, etc.) - a template for manually loading an EXE, with imports resolved on the payload side
Password scrambler - small util to make your easy passwords complicated!
Parser for a custom executable format from Hidden Bee malware (first stage)
My implementation of enSilo's Process Doppelganging (PE injection technique)
Portable Executable parsing library (from PE-bear)
A ready-made template for a project based on libpeconv.
Various snippets created during malware analysis
Sample libraries to be used with IAT Patcher
A Pin Tool for tracing API calls, etc.
IFL - Interactive Functions List (plugin for IDA Pro)
My solutions for random crackmes and other challenges
Converts a DLL into an EXE
Parsers for custom malware formats ("Funky malware formats")
PE-bear (builds only)
ViDi Visual Disassembler (experimental)
Persistent IAT hooking application - based on bearparser
Converts a PE into shellcode
A ready-made template for a new project based on libPeConv library
A process overwriting its own PEB to create the illusion that it was loaded from a different path.
My solutions for HackSys Extreme Vulnerable Driver
A set of my small utilities related to cryptography, encoding, decoding, etc.
A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.