hasherezade / drawings
Some of my drawings
☆10 · Updated 2 years ago
Related projects:
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve ☆57 · Updated 3 weeks ago
- Python wrappers for mal_unpack ☆34 · Updated last year
- Sample project that encrypts windows 32-bit executables with password ☆52 · Updated 2 years ago
- Enumerate user mode shared memory mappings on Windows. ☆112 · Updated 3 years ago
- ☆60 · Updated 7 months ago
- ☆83 · Updated this week
- Command line utility for copying files on NTFS using low level disk access ☆32 · Updated 5 months ago
- Shows different icons for 64 and 32-bit DLLs. Register with RegSvr32 to install ☆32 · Updated 2 years ago
- ☆35 · Updated last year
- A DLL that serves OutputDebugString content over a TCP connection ☆33 · Updated 2 years ago
- Demos and presentation from SECArmy Village Grayhat 2020 ☆36 · Updated last year
- ☆53 · Updated 3 years ago
- A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project. ☆53 · Updated 4 years ago
- A small library helping to parse commandline parameters (for C/C++) ☆53 · Updated last year
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks ☆57 · Updated 3 years ago
- ☆15 · Updated this week
- A set of small utilities, helpers for PIN tracers ☆31 · Updated 11 months ago
- Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained. ☆19 · Updated 2 years ago
- Add an empty section to a PE file ☆49 · Updated 7 years ago
- A tool to extract RTTI information from Delphi executables, written in pure Python ☆22 · Updated 4 years ago
- Keep it secret, keep it safe ☆75 · Updated last year
- Blocks drivers from loading by using a name collision technique. #nsacyber ☆44 · Updated 6 years ago
- ☆27 · Updated last year
- I was challenged by a friend to list all the processes and drivers in a system using more "unusual" methods. By doing this I learned quit… ☆16 · Updated 8 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆69 · Updated last year
- Small visualizator for PE files ☆66 · Updated last year
- Various tools, PoCs and experiments related to my blog at https://www.forrest-orr.net/ ☆35 · Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… ☆91 · Updated 4 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers ☆129 · Updated 4 years ago
- Python 3 - Manipulation and conversation with different data type (Bytes operations) ☆26 · Updated 2 years ago