@hasherezade.bsky.social
Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc) ; https://hasherezade.net
Finally done with #FlareOn12. What a ride! I am looking forward to read other people’s solutions, especially of those who did the 9th task quickly.
October 11, 2025 at 4:26 PM
Finally done with #FlareOn12. What a ride! I am looking forward to read other people’s solutions, especially of those who did the 9th task quickly.
- option of custom parsing exports directory allows to pinpoint even the APIs that the malware author tried to hide by erasing exports table in memory: (github.com/hasherezade/...)
June 6, 2025 at 7:18 PM
- option of custom parsing exports directory allows to pinpoint even the APIs that the malware author tried to hide by erasing exports table in memory: (github.com/hasherezade/...)
- watching not only the functions arguments, but also, how they changed after the function execution, and the function return value: (github.com/hasherezade/...) - thanks to a new contributor, maxspl:
June 6, 2025 at 7:17 PM
- watching not only the functions arguments, but also, how they changed after the function execution, and the function return value: (github.com/hasherezade/...) - thanks to a new contributor, maxspl:
includes: tracing defined local functions (github.com/hasherezade/...):
June 6, 2025 at 7:15 PM
includes: tracing defined local functions (github.com/hasherezade/...):
New #TinyTracer (v3.0) is out - with many cool features: github.com/hasherezade/... - check them out!
June 6, 2025 at 7:11 PM
New #TinyTracer (v3.0) is out - with many cool features: github.com/hasherezade/... - check them out!
#PEbear (github.com/hasherezade/...) is now available via WinGet (learn.microsoft.com/en-us/window...)! You can install it easier than ever - just type: `winget install pe-bear` from Powershell.
March 9, 2025 at 4:07 PM
#PEbear (github.com/hasherezade/...) is now available via WinGet (learn.microsoft.com/en-us/window...)! You can install it easier than ever - just type: `winget install pe-bear` from Powershell.
New release: #IDA_IFL (Interactive Functions List) plugin v1.5 - works for IDA 9. Shout-out to my new contributor,
@mahmoudimus.bsky.social who added the support! github.com/hasherezade/...
@mahmoudimus.bsky.social who added the support! github.com/hasherezade/...
February 8, 2025 at 4:27 PM
New release: #IDA_IFL (Interactive Functions List) plugin v1.5 - works for IDA 9. Shout-out to my new contributor,
@mahmoudimus.bsky.social who added the support! github.com/hasherezade/...
@mahmoudimus.bsky.social who added the support! github.com/hasherezade/...
New #PEsieve & #HollowsHunter
(v0.4.0) are released: github.com/hasherezade/... & github.com/hasherezade/... - A lot has changed in the new version, check it out!
(v0.4.0) are released: github.com/hasherezade/... & github.com/hasherezade/... - A lot has changed in the new version, check it out!
December 14, 2024 at 4:33 PM
New #PEsieve & #HollowsHunter
(v0.4.0) are released: github.com/hasherezade/... & github.com/hasherezade/... - A lot has changed in the new version, check it out!
(v0.4.0) are released: github.com/hasherezade/... & github.com/hasherezade/... - A lot has changed in the new version, check it out!