hasherezade

@hasherezade

Followers
84,239
Following
845
Media
1,182
Statuses
23,339

Programmer, #malware analyst. Author of #PEbear , #PEsieve , #TinyTracer . Private account. All opinions expressed here are mine only (not of my employer etc)

Poland
Joined July 2013
@hasherezade
hasherezade
2 years
- where do you see yourself in 30+ years? me:
403
14K
97K
@hasherezade
hasherezade
2 years
Surprise! #PEbear is Open Source now! - please check it out and let me know what do you think!
44
698
2K
@hasherezade
hasherezade
30 days
BTW, I am not saying that this is what happened in the #xz backdoor case, but what does not help is, GitHub makes it quite trivial to spoof user accounts... I was just able to make a commit as this person, in my own repository:
103
171
2K
@hasherezade
hasherezade
2 years
To whomever it concerns: I am NOT in any ways affiliated with Azov (or any other #ransomware ). It’s a common practice among cyber criminals to try to frame security researchers.
70
282
2K
@hasherezade
hasherezade
9 months
If you ever need to convert an EXE into a DLL: // #exe_to_dll
15
417
1K
@hasherezade
hasherezade
4 years
email: "I got ransomware" Gmail suggested response: "I'm so proud of you!" 😆
27
199
1K
@hasherezade
hasherezade
2 years
The more I know people, the more I love machines.
50
101
868
@hasherezade
hasherezade
4 years
age++ I am glad I made it till 32. not (just) because of the current pandemic, but because in general no day of life is given for granted. feeling grateful for all I’ve got and seen so far, the good and the bad. life’s beautiful.
104
10
810
@hasherezade
hasherezade
3 years
If anyone is interested, I made an implementation of #TransactedHollowing - the PE injection technique used by the #Osiris loader:
13
257
743
@hasherezade
hasherezade
2 years
Process Overwriting - yet another variant of #ProcessHollowing :
9
250
720
@hasherezade
hasherezade
2 years
New release: #PEbear 0.5.5:
4
173
709
@hasherezade
hasherezade
2 years
Happy New Year from Warsaw!
16
29
686
@hasherezade
hasherezade
1 year
New release: #PEbear 0.6.5: - several new features, fixes and improvements - check it out!
18
167
670
@hasherezade
hasherezade
6 months
New #PEsieve / #HollowsHunter (v0.3.8) is out: & - including features discussed in the following video:
@hasherezade
hasherezade
10 months
Sneak preview of the upcoming #PEsieve / #HollowsHunter : -detecting obfuscated beacons. You can get a test version from the AppVeyor build server. Feedback welcome 😊
5
127
365
12
210
645
@hasherezade
hasherezade
6 years
there is a stereotype that Christmas with family = memorable, while Christmas alone = miserable. but in real life it may be quite opposite. in whatever situation you are - be good to yourself, and don't treat this whole thing too serious.
17
143
616
@hasherezade
hasherezade
28 days
Due to the fact that I am gonna be more and more busy with my family life, I am looking for a person who would like to become a successor of my open source projects. You need to know C/C++, and be very committed. Please share your offers!
52
84
623
@hasherezade
hasherezade
4 years
Finally our paper about the "Silent Night" #Zloader / #Zbot is out! - by me (analysis) and @prsecurity_ (intelligence): - via @Malwarebytes
21
264
613
@hasherezade
hasherezade
4 years
When I read my code from many years ago, I not only remember the code, but often also get a full-blown flashback from the moment of writing it: random memories of the whole surroundings, with sounds, smells, emotions, etc. Anyone else can relate?
81
38
603
@hasherezade
hasherezade
5 years
Idea for a new Netflix series: like “Narcos”, but about malware authors
40
106
603
@hasherezade
hasherezade
8 years
Master Boot Record visualized in @angealbertini 's style - by Jared Atkinson
3
376
562
@hasherezade
hasherezade
6 years
if you are planning to invite me to speak at your conference just because I am a woman, better punch me on the face instead
32
63
554
@hasherezade
hasherezade
5 years
"procrastination-based project" - a project that you start doing in order to procrastinate doing another project 😉
10
97
526
@hasherezade
hasherezade
5 years
Slides from my talk " #PEsieve an open source scanner for hunting and unpacking malware" #BlueHatIL
11
225
523
@hasherezade
hasherezade
1 year
New release: #TinyTracer v2.3 : - with improved syscalls tracing support - now syscalls are automatically mapped to corresponding functions names
7
168
520
@hasherezade
hasherezade
6 years
If you follow your dreams and work hard enough, one day you will prove your worth to all the doubters. But on the way you may find out that their approval is the least important thing in your life.
13
115
503
@hasherezade
hasherezade
2 years
From non IT-related things, this year I started to learn drawing. This is my current status (may delete later)
35
5
508
@hasherezade
hasherezade
4 months
Happy New Year! I have for you a new #PEbear (v0.6.7) with some of the requested features, such as strings, and patterns searching. Plus other improvements & bugfixes. Check it out! 🐻💙
10
149
503
@hasherezade
hasherezade
4 years
How it started: How it’s going:
5
52
493
@hasherezade
hasherezade
5 months
I know some people use #PEbear to unmap PEs dumped from memory. Since upcoming releases you will be able to do it just by one click:
13
124
502
@hasherezade
hasherezade
6 years
If anyone wants to play with the good old #Stuxnet , I uploaded a bundle of its components to @virusbay_io :
9
181
490
@hasherezade
hasherezade
2 years
My new paper for @MBThreatIntel : " #JSSLoader - the #shellcode edition" : // #FIN7
18
186
490
@hasherezade
hasherezade
4 years
debugging in production 😅
10
145
478
@hasherezade
hasherezade
4 years
felt cute, might delete later 😉
23
5
465
@hasherezade
hasherezade
3 years
age++ what a strange year... sometimes it feels like a month, sometimes like 10 years have passed...
77
3
470
@hasherezade
hasherezade
8 years
Victims of !XPTLOCK5.0 - please do not pay the ransom! I've got the key, help coming soon (at least for some of you) // #ransomware
8
574
462
@hasherezade
hasherezade
4 years
New release: #PEbear 0.5.0 - refactored to Qt5 (yes, finally!) 🐻💙
13
158
468
@hasherezade
hasherezade
2 years
My new screwdrivers set is the prettiest I ever had 😍
23
14
465
@hasherezade
hasherezade
6 years
Sometimes malware authors create their own executable format - it's really fun to reverse the full structure (sample: )
7
171
444
@hasherezade
hasherezade
6 years
My new post for @Malwarebytes "Reversing malware in a custom format: #HiddenBee elements" :
3
243
444
@hasherezade
hasherezade
2 years
* artwork by Tristan Elwell
9
18
441
@hasherezade
hasherezade
7 years
My small tool for converting #PE files dumped from the memory into their raw form:
8
274
433
@hasherezade
hasherezade
4 years
It was the beginning of 2000 when I decided that I will learn programming. I was 11-12 at the time. Had absolutely no resources, and no idea where to begin, but I didn’t give up. So, in 2020 I will be celebrating 20th anniversary of being in this amazing field.
16
25
433
@hasherezade
hasherezade
2 years
New #PEsieve / #HollowsHunter (v0.3.4): & - with threads' callstack scan. Check it out!
4
146
430
@hasherezade
hasherezade
6 years
I woke up to this news and still not sure if I am not dreaming: - thank you @Forbes , I feel so much honored! and congratulations to @Fox0x01 and @StackSmashing
65
45
427
@hasherezade
hasherezade
3 years
#MalwareTipsAndTricks : did you know this (lower level) way of enumerating processes? snippet: [1/3]
12
137
428
@hasherezade
hasherezade
2 months
New #PEsieve / #HollowsHunter (v0.3.9): & - now you can search for your own signatures in memory. Details: . Check it out!
8
166
436
@hasherezade
hasherezade
7 years
Interesting trick to make a persistence key unnoticed by autoruns:
7
292
429
@hasherezade
hasherezade
4 years
I am near to finishing the longest & most detailed malware analysis writeup I have ever written... coming soon! I hope you will like it 😊
13
24
427
@hasherezade
hasherezade
8 months
Did you miss my bedtime stories? 😉 Because some new stuff is coming... I am happy to announce that now I am a part of @_CPResearch_ !
@_CPResearch_
Check Point Research
8 months
Let's explore the link between #Rhadamanthys stealer and #HiddenBee coin miner! In our latest blog, @hasherezade walks you through the custom executable formats, evolution, and features of this interesting, multilayer malware toolkit.
5
80
180
60
29
415
@hasherezade
hasherezade
8 years
I started making a small compendium of injection techniques commonly used in #malware :
5
232
396
@hasherezade
hasherezade
2 years
My dog (RIP), painted by my boyfriend: //may delete later
25
2
405
@hasherezade
hasherezade
3 years
I wanted to play with this technique, and there was no PoC provided, so I made my own. If anyone needs, it is here: // #ProcessGhosting
@dez_
Joe Desimone
3 years
‼️ Process Ghosting: a new process tampering technique for AV evasion. Nice write-up by @GabrielLandau
6
141
339
2
143
392
@hasherezade
hasherezade
3 years
New #PEbear is out! with dark mode, and other improvements:
8
98
389
@hasherezade
hasherezade
1 year
I made a writeup on #Magniber #ransomware (from 2022) demonstrating the capabilities of the latest #TinyTracer :
15
122
388
@hasherezade
hasherezade
2 years
New release: #mal_unpack (0.9.4): + the (experimental) companion driver (0.1.1.17): - check it out & share your opinions!
10
126
379
@hasherezade
hasherezade
5 years
New releases: #PEsieve 0.1.5 () & #HollowsHunter 0.1.8 ()
8
157
377
@hasherezade
hasherezade
3 years
Did you know this #antidebug technique? (detecting if kernel mode debugging is enabled) - implementation:
7
100
372
@hasherezade
hasherezade
3 years
a simple but nice trick for obfuscating the execution flow: can you spot what happens there? // #NSISpacker
11
73
365
@hasherezade
hasherezade
10 months
Sneak preview of the upcoming #PEsieve / #HollowsHunter : -detecting obfuscated beacons. You can get a test version from the AppVeyor build server. Feedback welcome 😊
5
127
365
@hasherezade
hasherezade
2 years
New #PEsieve / #HollowsHunter (v0.3.3) - with new features and many improvements - check it out: &
11
106
359
@hasherezade
hasherezade
2 years
Recently I started working on a driver for mal_unpack ( a tool from #PEsieve family) - if anyone curious, I open-sourced the code: - please share what do you think
3
129
363
@hasherezade
hasherezade
2 years
New #mal_unpack (0.9): - with the (experimental) companion driver: - is ready! Check it out & share your opinions!
6
146
353
@hasherezade
hasherezade
6 months
#MalUnpack with the latest #PEsieve (0.3.8) is ready: // #malwareUnpacking
3
89
348
@hasherezade
hasherezade
7 years
The slides from my presentation "Wicked #malware persistence methods":
9
223
346
@hasherezade
hasherezade
7 years
Do you know this trick for checking OS architecture? I found it in #Kronos and looks pretty neat:
15
156
334
@hasherezade
hasherezade
3 years
New releases: #PEsieve () & #HollowsHunter ( ) - v0.2.9.8
3
115
331
@hasherezade
hasherezade
2 years
I crossed 10000 Github contributions 👀... I guess I can call it some milestone 😉
11
9
337
@hasherezade
hasherezade
6 years
Malwarebytes #CrackMe 2 is live!
7
156
334
@hasherezade
hasherezade
5 months
Finally got it! They get prettier and prettier every year, thanks @Mandiant ! #flareon9
17
3
336
@hasherezade
hasherezade
2 years
lol, hello #SaintBot ...
4
20
330
@hasherezade
hasherezade
5 years
I started making a small wiki for #PEsieve :
8
115
324
@hasherezade
hasherezade
6 months
To whoever needs to hear it: putting other people down may give you some delusion of superiority, but it won’t make you any ahead in life. In fact, you are sabotaging yourself the most.
12
46
323
@hasherezade
hasherezade
6 years
My new small utility: PE to shellcode converter: - for now it is experimental, available for testing (32 bit only)
5
159
317
@hasherezade
hasherezade
7 years
Nice set of video tutorials - DLL injection, simple keyloggers and more: (C/C++)
0
147
316
@hasherezade
hasherezade
6 years
"Practical #Malware Analysis" - a course by Sam Bowne ( @sambowne ):
3
146
311
@hasherezade
hasherezade
4 years
In this paper I share some ideas on how to generate a shellcode in assembly from your C code
3
98
315
@hasherezade
hasherezade
3 years
New release: #pe_to_shellcode ( #pe2shc ) - added DCP support: now the generated shellcode can be injected into processes with DCP ( "Dynamic Code Prohibited" ) enabled
2
116
309
@hasherezade
hasherezade
7 months
no-shower week has begun😅 #flareon10
12
27
304
@hasherezade
hasherezade
3 years
New #PEbear - with improvements and... a legacy version:
4
67
304
@hasherezade
hasherezade
6 years
Slides from my talk presented today at @WarConPL - "Building a Malwarestein. Adapting and repurposing existing malware into new projects":
4
156
304