Category Archives: Tools
Python scripting for WinDbg: a quick introduction to PyKd
PyKd is a plugin for WinDbg that allows deploying Python scripts. It can be very helpful, e.g. for tracing and deobfuscation of obfuscated code. In this small tutorial I will demonstrate how to install it and make everything work. … Continue reading
Posted in Tools, Tutorial
6 Comments
PE-bear – version 0.3.9 available
[UPDATE] This release introduced some stability issues, fixed in 0.3.9.5 Hello! Several months have passed since I released PE-bear 0.3.8. Since it was my old, abandoned project, I did not plan to start developing it again. Initially, I got convinced … Continue reading
Posted in PE-bear, Tools
6 Comments
Hook the planet! Solving FlareOn4 Challenge6 with libPeConv
Recently I started making a small library for loading and manipulating PE files (libpeconv – it’s open source, available on my GitHub). In my previous post, I demonstrated how Challenge 3 from FlareOn4 could be solved with its help: … Continue reading
Import all the things! Solving FlareOn4 Challenge 3 with libPeConv
Recently I started making a small library for loading and converting PE files (libpeconv, available on my GitHub). The library is still in the early stages of development, so please don’t judge and don’t use it in any serious projects. The … Continue reading
Introducing PE_unmapper
Recently I wrote a small tool that can be used as a helper in malware analysis. Various malware types unpack their core modules in memory, load them and run. In order to unpack them fast, we can let the malware … Continue reading
Anti-Petya live CD (the fastest Stage1 key decoder)
❗❗❗ATTENTION❗❗❗ Please use the LATEST version of the decoder, available here: https://github.com/hasherezade/petya_key UPDATE: On 17th July a new version of Petya was released. At the moment, there is no way to decrypt the disk. Don’t let the infection reach the … Continue reading
Posted in Malware, Malware Decryptor, Tools
5 Comments
Petya key decoder
❗❗❗ATTENTION❗❗❗ Please use the LATEST version of the decoder, available here: https://github.com/hasherezade/petya_key CODE Source code of my applications related to recovery from Petya attacks: Key decoder for multiple Petyas based on Janus’ masterkey; Petya Green – app for brute-force attack on … Continue reading
Posted in Malware, Malware Decryptor, Tools
21 Comments
DMA Unlocker
I managed to crack some of the variants of DMA Locker ransomware (version with RSA key), described [here]. For those who are hit by this version, there is an experimental decryptor for it. More details and updates you can … Continue reading
Posted in Malware, Malware Decryptor, Tools
Introducing PE-bear: a new viewer/editor for PE files
Hi! Today I would like to introduce my new project – PE-bear. In short – it is a viewer/editor for PE32 and PE64 files. You may ask – why the hell another PE reversing tool? Well, I started developing … Continue reading
Posted in PE-bear, Tools
Tagged malware analysis, PE, PE editor, PE reverser, PE viewer, PE-bear, RCE tools
4 Comments