I develop security tools and free software
I occasionally develop software - free tools and utilities that I share with the security community.
I strongly believe that developing my very own security tools is
the best way to gain an in-depth understanding of the internal workings of the operating systems & network.
The programs are small, fast and portable.
My tools evolved as a result of two decades of continuous security research and combine my interest in
security, algorithms and programming. Some are simple scripts, some are quite advanced applications requiring a lot
of research. I share them with the hope they will help others to work more efficiently.
Find out more about the software:
Create IDT/IDS files for IDA from MS libs with this script
Calculate APPids with appid_calc.pl
Convert Shellcode to Portable Executable with shell2exe
Enumerate Pinned items on the Taskbar with pinenum
Carve timestamps with timecraver
Extract string islands with motu
Explore file relationships for data reduction purposes with visualisation 'Filighting' tools
Detect Compromise with Hexacorn Compromise Detector
Intelligently extract 'strings' with HexDive
Analyze malware with Hexacorn Application Monitor
Decrypt 20+ Quarantine files + hidden .exes with DeXRAY
Extract PE sections and their strings with PESectionExtractor
Extract Russian strings from evidence with RUStrings.pl
Detect timestomped and other suspicious PE files with PECluester
Detect network sniffers with Hexacorn Sniffer Detector
Explore keys covered by Regripper with 3R
Develop RegRipper Plugins with 3RPG
Discover hidden windows (keyloggers!) with Windows Disco
Older software - no longer available
Extract 50000+ API strings from evidence with HAPI (discontinued; use HexDive)
Extract $MFT from live systems and images with Hexacorn $MFT Extractor (discontinued)