hasherezade/pe-sieve external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

hasherezade/pe-sieve

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hasherezade/pe-sieve)

Close

hasherezade / pe-sieveView on GitHubMore

• External links
• Readme badge

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

☆3,562Oct 31, 2025Updated 4 months ago

Alternatives and similar repositories for pe-sieve

Users that are interested in pe-sieve are comparing it to the libraries listed below

• hasherezade / hollows_hunter

  View on GitHub
  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
  ☆2,314Oct 31, 2025Updated 4 months ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,331Oct 31, 2025Updated 4 months ago
• hasherezade / mal_unpack

  View on GitHub
  Dynamic unpacker based on PE-sieve
  ☆799Sep 13, 2025Updated 5 months ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,747Aug 30, 2025Updated 6 months ago
• forrest-orr / moneta

  View on GitHub
  Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
  ☆807Mar 16, 2024Updated last year
• hasherezade / tiny_tracer

  View on GitHub
  A Pin Tool for tracing API calls etc
  ☆1,625Feb 8, 2026Updated 3 weeks ago
• ayoubfaouzi / al-khaser

  View on GitHub
  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
  ☆6,868Updated this week
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,507Nov 15, 2023Updated 2 years ago
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,470Jul 8, 2025Updated 7 months ago
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,990Jan 1, 2023Updated 3 years ago
• mandiant / speakeasy

  View on GitHub
  Windows kernel and user mode emulation.
  ☆1,860Feb 27, 2026Updated last week
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,069Feb 3, 2024Updated 2 years ago
• hasherezade / dll_to_exe

  View on GitHub
  Converts a DLL into EXE
  ☆816Jul 23, 2023Updated 2 years ago
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,795Sep 3, 2022Updated 3 years ago
• everdox / InfinityHook

  View on GitHub
  Hook system calls, context switches, page faults and more.
  ☆2,637May 9, 2023Updated 2 years ago
• mandiant / flare-floss

  View on GitHub
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
  ☆3,909Feb 23, 2026Updated last week
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,023Feb 21, 2021Updated 5 years ago
• jxy-s / herpaderping

  View on GitHub
  Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…
  ☆1,183Jul 5, 2023Updated 2 years ago
• mandiant / capa

  View on GitHub
  The FLARE team's open-source tool to identify capabilities in executable files.
  ☆5,844Feb 27, 2026Updated last week
• mgeeky / ThreadStackSpoofer

  View on GitHub
  Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
  ☆1,196Jun 17, 2022Updated 3 years ago
• hasherezade / pe-bear

  View on GitHub
  Portable Executable reversing tool with a friendly GUI
  ☆3,489Nov 2, 2025Updated 4 months ago
• DarthTon / Blackbone

  View on GitHub
  Windows memory hacking library
  ☆5,348Jan 26, 2024Updated 2 years ago
• JKornev / hidden

  View on GitHub
  🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
  ☆2,005Jul 13, 2022Updated 3 years ago
• hasherezade / process_doppelganging

  View on GitHub
  My implementation of enSilo's Process Doppelganging (PE injection technique)
  ☆638Aug 30, 2022Updated 3 years ago
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,576Jan 5, 2021Updated 5 years ago
• wbenny / injdrv

  View on GitHub
  proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
  ☆1,272May 1, 2024Updated last year
• HyperDbg / HyperDbg

  View on GitHub
  State-of-the-art native debugging tools
  ☆3,654Feb 24, 2026Updated last week
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,168Feb 21, 2023Updated 3 years ago
• JLospinoso / gargoyle

  View on GitHub
  A memory scanning evasion technique
  ☆899May 24, 2017Updated 8 years ago
• mrexodia / TitanHide

  View on GitHub
  Hiding kernel-driver for x86/x64.
  ☆2,619Sep 2, 2025Updated 6 months ago
• hfiref0x / KDU

  View on GitHub
  Kernel Driver Utility
  ☆2,428Feb 17, 2026Updated 2 weeks ago
• hfiref0x / WinObjEx64

  View on GitHub
  Windows Object Explorer 64-bit
  ☆1,888Updated this week
• hasherezade / malware_training_vol1

  View on GitHub
  Materials for Windows Malware Analysis training (volume 1)
  ☆2,028Jul 1, 2024Updated last year
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,254Aug 27, 2023Updated 2 years ago
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆363Mar 8, 2024Updated last year
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆580Mar 8, 2024Updated last year
• googleprojectzero / sandbox-attacksurface-analysis-tools

  View on GitHub
  Set of tools to analyze Windows sandboxes for exposed attack surface.
  ☆2,273Nov 6, 2025Updated 4 months ago
• hfiref0x / UACME

  View on GitHub
  Defeating Windows User Account Control
  ☆7,404Feb 17, 2026Updated 2 weeks ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,594Jul 31, 2024Updated last year