@hasherezade

1.4K Followers
34 Following
42 Posts
Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer.
Homepagehttps://hasherezade.net
Twitterhttps://twitter.com/hasherezade
hasherezadeMar 10
I just got back home from @REverseConf . I had an amazing time, and I want to thank the organisers and all the people I met! The talks went great, and I was honoured to be part of the process of choosing and refining them. If you are thinking about where to submit next year, I highly recommend this event, in beautiful Orlando!
Show threadhasherezadeDec 14, 2024
Now you can use #HollowsHunter it in the classic mode, as well as in ETW mode - as a multi-threaded listener.
hasherezadeDec 14, 2024
New #PEsieve
& #HollowsHunter (v0.4.0) are released: https://github.com/hasherezade/pe-sieve/releases & https://github.com/hasherezade/hollows_hunter/releases - A lot has changed in the new version, check it out!
Releases 路 hasherezade/pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). - hasherezade/pe-sieve

GitHub
hasherezadeJul 26, 2024
In my new blog for #CheckPointResearch I propose a new injection technique, using the Thread Name API - check it out! 馃挋 : https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense // #ThreadNameCalling #processInjection
Thread Name-Calling - using Thread Name for offense - Check Point Research

Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory of a process by malicious modules can cause a lot of damage, all sorts of AV [鈥

Check Point Research
hasherezadeFeb 25, 2024
New #PEsieve/#HollowsHunter (v0.3.9): https://github.com/hasherezade/pe-sieve/releases/ & https://github.com/hasherezade/hollows_hunter/releases - now you can search for your own signatures in memory. Details: https://github.com/hasherezade/pe-sieve/wiki/4.11.-Detect-shellcode-by-custom-patterns-(pattern). Check it out!
Releases 路 hasherezade/pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). - hasherezade/pe-sieve

GitHub
hasherezadeJan 8, 2024
New Year with new #PEbear - release 0.6.7 is ready! I added some new features, such as Strings view, searching for binary patterns, remapping of PEs dumped from memory, and more. Check it out: https://github.com/hasherezade/pe-bear/releases/
Releases 路 hasherezade/pe-bear

Portable Executable reversing tool with a friendly GUI - hasherezade/pe-bear

GitHub
hasherezadeNov 10, 2023
New #PEsieve/#HollowsHunter (v0.3.8) is out: https://github.com/hasherezade/pe-sieve/releases & https://github.com/hasherezade/hollows_hunter/releases
- including features discussed in the following video: https://www.youtube.com/watch?v=liSSm1sWBGg
Releases 路 hasherezade/pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). - hasherezade/pe-sieve

GitHub
hasherezadeApr 1, 2023
I did a writeup on #Magniber - an obfuscated #ransomware using raw #syscalls to call functions. The writeup has more of a tutorial form, demonstrating usage of some of my tools (mainly #TinyTracer) in action, and also sharing some of my approaches & workflow. Check it out: https://hshrzd.wordpress.com/2023/03/30/magniber-ransomware-analysis/
Magniber ransomware analysis: Tiny Tracer in action

hasherezade's 1001 nights
hasherezadeNov 6, 2022
New #PEsieve/#HollowsHunter (v0.3.5): https://github.com/hasherezade/pe-sieve/releases/ & https://github.com/hasherezade/hollows_hunter/releases - with some bugfixes & improvements. Check it out!
Releases 路 hasherezade/pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). - hasherezade/pe-sieve

GitHub