hasherezade

hasherezade hasherezade

5.9k followers · 34 following

Achievements

Highlights

libpeconv Public

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

pe-format pe-loader pe-file manual-mapping libpeconv

C++ 1,121 182 BSD 2-Clause "Simplified" License Updated Nov 25, 2024
tiny_tracer Public

A Pin Tool for tracing API calls etc

reverse-engineering dbi malware-analysis api-trace intel-pintools

C++ 1,309 141 Updated Nov 20, 2024
hasherezade.github.io Public

My projects' homepage

HTML 10 2 Updated Nov 18, 2024
flareon2024 Public

Python 25 4 Updated Nov 12, 2024
hollows_hunter Public

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

anti-malware malware-analysis memory-forensics malware-detection pe-sieve

C 2,038 255 BSD 2-Clause "Simplified" License Updated Nov 6, 2024
pe-sieve Public

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

scans anti-malware malware-analysis pe-format hooking pe-analyzer memory-forensics

C++ 3,111 434 BSD 2-Clause "Simplified" License Updated Nov 6, 2024
flareon2023 Public

Python 25 1 Updated Oct 30, 2024
ida_ifl Public

IFL - Interactive Functions List (plugin for IDA Pro)

ida-pro ida-plugin idapython-plugin

Python 425 64 Updated Oct 30, 2024
pe-bear Public

Portable Executable reversing tool with a friendly GUI

multiplatform malware-analysis pe-format pe-file pe-analyzer bearparser pe-editor

C++ 2,782 171 GNU General Public License v2.0 Updated Oct 28, 2024
libpeconv_tpl Public template

A ready-made template for a project based on libpeconv.

libpeconv

C++ 42 16 Updated Oct 21, 2024
hidden_bee_tools Public

Parser for a custom executable format from Hidden Bee malware (first stage)

C++ 39 12 Updated Sep 13, 2024
thread_namecalling Public

Process Injection using Thread Name

redteam shellcode-injector shellcode-injection processinjection

C 241 32 Updated Aug 30, 2024
bearparser Public

Portable Executable parsing library (from PE-bear)

parser-library multiplatform pe bearparser

C++ 647 108 BSD 2-Clause "Simplified" License Updated Aug 29, 2024
pin_n_sieve Public

An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

C++ 57 7 Updated Aug 21, 2024
IAT-Tracer Public
Forked from YoavLevi/IAT-Tracer

An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files.

Python 9 Updated Jul 12, 2024
masm_shc Public

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

shellcode shellcode-development

C++ 156 31 MIT License Updated Jul 11, 2024
malware_training_vol1 Public

Materials for Windows Malware Analysis training (volume 1)

malware-analysis malware-research windows-malware-analysis

Assembly 1,938 186 Updated Jul 1, 2024
mal_unpack_drv Public

MalUnpack companion driver

C++ 92 17 BSD 2-Clause "Simplified" License Updated Jun 17, 2024
sig_finder Public

Signature finder (from PE-bear)

pattern-matching pattern-searching

C++ 29 3 BSD 2-Clause "Simplified" License Updated Jun 14, 2024
instrumentation-callbacks Public
Forked from not-wlan/instrumentation-callbacks

based on https://github.com/secrary/Hooking-via-InstrumentationCallback

C++ 1 1 Updated Jun 13, 2024
shellc_encoder Public

Standalone Metasploit-like XOR encoder for shellcode

C 46 2 Updated May 12, 2024
process_ghosting Public

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

pefile pe-injector pe-injection

C 631 113 MIT License Updated Mar 11, 2024
process_overwriting Public

Yet another variant of Process Hollowing

C++ 355 75 Updated Mar 10, 2024
transacted_hollowing Public

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

pefile malware code-injection pe-injector

C 521 74 MIT License Updated Mar 8, 2024
module_overloading Public

A more stealthy variant of "DLL hollowing"

pe-injector process-hollowing

C 337 56 Updated Mar 8, 2024
mal_unpack Public

Dynamic unpacker based on PE-sieve

malware-analysis memory-forensics libpeconv pe-sieve malware-unpacker

C 657 68 BSD 2-Clause "Simplified" License Updated Feb 26, 2024
crypto_utils Public

Set of my small utils related to cryptography, encoding, decoding etc

Python 84 26 Updated Feb 22, 2024
pesieve-go Public

Golang bindings for PE-sieve

Go 40 2 Updated Nov 11, 2023
pe_utils Public

A set of small utilities, helpers for PIN tracers

C++ 31 13 Updated Oct 6, 2023
pe2pic Public

Small visualizator for PE files

visualization pefile malware-analysis pe-format pe-file

Python 67 15 Updated Sep 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hasherezade hasherezade

Achievements

Achievements

Highlights

Block or report hasherezade

libpeconv Public

tiny_tracer Public

hasherezade.github.io Public

flareon2024 Public

hollows_hunter Public

pe-sieve Public

flareon2023 Public

ida_ifl Public

pe-bear Public

libpeconv_tpl Public template

hidden_bee_tools Public

thread_namecalling Public

bearparser Public

pin_n_sieve Public

IAT-Tracer Public

masm_shc Public

malware_training_vol1 Public

mal_unpack_drv Public

sig_finder Public

instrumentation-callbacks Public

shellc_encoder Public

process_ghosting Public

process_overwriting Public

transacted_hollowing Public

module_overloading Public

mal_unpack Public

crypto_utils Public

pesieve-go Public

pe_utils Public

pe2pic Public