hasherezade / pe-bear-releasesView external linksLinks
PE-bear (builds only)
☆781Jun 4, 2023Updated 2 years ago
Alternatives and similar repositories for pe-bear-releases
Users that are interested in pe-bear-releases are comparing it to the libraries listed below
Sorting:
- Portable Executable parsing library (from PE-bear)☆659Oct 4, 2025Updated 4 months ago
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,310Oct 31, 2025Updated 3 months ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,553Oct 31, 2025Updated 3 months ago
- Dynamic unpacker based on PE-sieve☆796Sep 13, 2025Updated 5 months ago
- Portable Executable reversing tool with a friendly GUI☆3,482Nov 2, 2025Updated 3 months ago
- A Pin Tool for tracing API calls etc☆1,616Feb 8, 2026Updated last week
- Converts PE into a shellcode☆2,734Aug 30, 2025Updated 5 months ago
- Materials for Windows Malware Analysis training (volume 1)☆2,024Jul 1, 2024Updated last year
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl☆1,323Oct 31, 2025Updated 3 months ago
- Converts a DLL into EXE☆815Jul 23, 2023Updated 2 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆581Mar 8, 2024Updated last year
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated last year
- Parsers for custom malware formats ("Funky malware formats")☆98Jan 8, 2022Updated 4 years ago
- AV/EDR evasion via direct system calls.☆1,988Jan 1, 2023Updated 3 years ago
- PE file viewer/editor for Windows, Linux and MacOS.☆1,189Updated this week
- Quickly debug shellcode extracted during malware analysis☆623May 23, 2023Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆682Mar 11, 2024Updated last year
- Open-Source Shellcode & PE Packer☆2,066Feb 3, 2024Updated 2 years ago
- Windows kernel and user mode emulation.☆1,841Feb 4, 2026Updated last week
- Some of my publicly available Malware analysis and Reverse engineering.☆933Jun 3, 2024Updated last year
- My implementation of enSilo's Process Doppelganging (PE injection technique)☆637Aug 30, 2022Updated 3 years ago
- AV/EDR evasion via direct system calls.☆1,789Sep 3, 2022Updated 3 years ago
- Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide☆4,001Jun 4, 2024Updated last year
- IFL - Interactive Functions List (plugin for IDA Pro)☆486Nov 16, 2025Updated 3 months ago
- Program for determining types of files for Windows, Linux and MacOS.☆10,229Updated this week
- DIE engine☆2,968Updated this week
- xAnalyzer plugin for x64dbg☆1,185Aug 13, 2025Updated 6 months ago
- The FLARE team's open-source tool to identify capabilities in executable files.☆5,821Updated this week
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,877Feb 3, 2026Updated 2 weeks ago
- Linker/Compiler/Tool detector for Windows, Linux and MacOS.☆568Updated this week
- Windows Object Explorer 64-bit☆1,883Updated this week
- PDBRipper is a utility for extract an information from PDB-files.☆876Updated this week
- Tool to bypass LSA Protection (aka Protected Process Light)☆986Dec 4, 2022Updated 3 years ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env…☆8,338Dec 23, 2025Updated last month
- MalUnpack companion driver☆99Jun 17, 2024Updated last year
- Defeating Windows User Account Control☆7,350Jan 11, 2026Updated last month
- ☆2,169Feb 21, 2023Updated 2 years ago
- Simple (relatively) things allowing you to dig a bit deeper than usual.☆3,462Updated this week