I develop security tools and free software
I occasionally develop software - free tools and utilities that I share with the security community. I strongly believe that developing my very own security tools is the best way to gain an in-depth understanding of the internal workings of the operating systems & network. The programs are small, fast and portable.
My tools evolved as a result of two decades of continuous security research and combine my interest in security, algorithms and programming. Some are simple scripts, some are quite advanced applications requiring a lot of research. I share them with the hope they will help others to work more efficiently.
Find out more about the software:
Create IDT/IDS files for IDA from MS libs with this script
Calculate APPids with appid_calc.pl
Convert Shellcode to Portable Executable with shell2exe
Enumerate Pinned items on the Taskbar with pinenum
Carve timestamps with timecraver
Extract string islands with motu
Explore file relationship for data reduction purposes with visualisation 'Filighting' tools
Detect Compromise with Hexacorn Compromise Detector
Intelligently extract 'strings' with HexDive
Analyze malware with Hexacorn Application Monitor
Decrypt 20+ Quarantine files + hidden .exes with DeXRAY
Extract PE sections and their strings with PESectionExtractor
Extract Russian strings from evidence with RUStrings.pl
Detect timestomped and other suspicious PE files with PECluester
Detect network sniffers with Hexacorn Sniffer Detector
Explore keys covered by Regripper with 3R
Develop RegRipper Plugins with 3RPG
Discover hidden windows (keyloggers!) with Windows Disco
Older software - no longer available
Extract 50000+ API strings from evidence with HAPI (discontinued, use HexDive)
Extract $MFT from live systems and images with Hexacorn $MFT Extractor (discontinued)