Author Archives: hasherezade

About hasherezade

Programmer and researcher, interested in InfoSec.

PE-bear – version 0.3.8 available

It has been a long time since I abandoned PE-bear project (version 0.3.7 was released in 2014!). But due to the fact that it still has new downloads, and I keep getting messages from its users, I understood it would … Continue reading

Posted in PE-bear | 4 Comments

White Rabbit crackme!

UPDATE: We already got the three winners. Good job guys! However, we are waiting for the writeups to select the reward for the best one – so if you are still in between of doing the crackme, don’t give up! … Continue reading

Posted in CrackMe | Tagged , | 9 Comments

Unpacking a malware with libPeConv (Pykspa case study)

In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa Malware using a Python script. If you haven’t seen this video yet, I recommend you to watch, it is available here – … Continue reading

Posted in Malware, Programming, Tutorial | Tagged | Leave a comment

Solving a PyInstaller-compiled crackme

I got this crackme from one of my readers, who asked me for the help in understanding how to solve it. As he wrote in the e-mail, it comes “from last year competition by the CheckPoint company”. I promised to … Continue reading

Posted in CrackMe, Tutorial | Tagged , | Leave a comment

Process Doppelgänging – a new way to impersonate a process

Recently at Black Hat Europe conference, Tal Liberman and Eugene Kogan form enSilo lab presented a new technique called Process Doppelgänging. The video from the talk is available here. (Also, it is worth mentioning that Tal Liberman is an author … Continue reading

Posted in Malware, Programming, Techniques | Tagged , | 3 Comments

Hook the planet! Solving FlareOn4 Challenge6 with libPeConv

Recently I started making a small library for loading and converting PE files (libpeconv – EARLY BETA available on my GitHub). In my previous post, I demonstrated how the Challenge 3 from FlareOn4 could be solved with it’s help: I … Continue reading

Posted in CrackMe, Programming, Tools | Tagged , , , | Leave a comment

Import all the things! Solving FlareOn4 Challenge 3 with libPeConv

Recently I started making a small library for loading and converting PE files (libpeconv, available on my GitHub). The library is still on early stages of development, so please don’t judge and don’t use it in any serious projects. The … Continue reading

Posted in CrackMe, Programming, Tools | Tagged , , , | Leave a comment