Application Development
Phrozen develops powerful, efficient, user-friendly applications for all kinds of platforms (Microsoft Windows, MacOS, iOS) and in multiple languages (Pascal/Delphi, Python, C#, Swift/SwiftUI, Objective-C, PowerShell, etc.)
Our web design pros create amazing-looking, highly secure websites and web applications in a variety of architectures (Python/Django, Python/Flask, NodeJS, JavaScript, HTML5/CSS/LESS/SCSS).
With our expert penetration testing services, you can rest assured that your valuable assets are protected.
We also offer a range of design services to give your applications and websites a professional look and feel, such as logo creation, illustration, and motion design/animation.
In this inaugural instalment of the Malware Retrospective series, we take a trip down memory lane to revisit the Beast RAT, a notorious Windows RAT (Remote Access Trojan) developed by the elusive “Tataye.” This groundbreaking malware left an indelible mark on a whole generation of enthusiasts, including myself, who were captivated by its ingenuity, and influenced the whole scene back in its time.
1 month ago
A new version of the unprotect portal has been released with updates including:
FeaturedAPI is a new feature that maps the common Microsoft Windows APIs used by specific evasion techniques. For each technique, you can consult the most commonly used APIs and their associated caution level (Low, Medium, High), and access official and unofficial documentation.
The team is also making progress on the sample scanner to match scanned samples to potential fitting techniques.
4 months ago
Happy New Year 2023
Happy New Year!
As we ring in the new year, we at PHROZEN would like to extend our warmest wishes to all of our clients, partners, and friends. We hope that the coming year brings you health, happiness, and prosperity.
As we look to the year ahead, we are excited to announce that we will be focusing our efforts on contributing to the Unprotect project, as well as working towards passing new offensive-security certifications. While we have always been committed to delivering top-quality work to our clients, we believe that these efforts will allow us to better serve you and stay at the forefront of our industry.
We understand that this may mean that we will not be able to take on as many public projects as we have in the past, but we hope that you will understand and continue to support us as we work towards these important goals.
Thank you for your continued trust and support. Here's to a successful and fulfilling new year!
Sincerely,
4 months, 3 weeks ago
We are thrilled that our new tool, DLest, was featured on the Qualys blog in the "New Tools & Techniques" section for December 2022. Keep an eye out for more exciting updates from us in the future!
5 months ago
DLest is a Microsoft Windows application that helps developers and malware analysts analyze and manipulate exported functions in Portable Executable (PE) files, especially DLLs. It allows you to enumerate exported functions using various methods and supports the analysis of memory-loaded modules in real time. It also has the ability to dump a reconstructed version of any module for further analysis. DLest is fully multithreaded and efficient for processing large numbers of PE files. It is useful for developers and malware analysts and streamlines their tasks.
5 months, 1 week ago
(eCMAP) Certified Malware Analysis Professional
5 months, 4 weeks ago
Tiny code snippet that demonstrates how to open a new Windows Explorer window with pre-selected files.
6 months, 1 week ago
Tiny Python code snippet to extract ASCII / Unicode strings from any file. This is a very simplified equivalent of the UNIX strings command.
Supports:
6 months, 1 week ago
6 months, 2 weeks ago
7 months, 1 week ago
We are excited to announce that our latest tool, PsyloDbg, has been featured in the "Tools & Exploits" section of Bad Sector Labs Blog's Last Week in Security. Stay tuned for more updates and improvements to come from us at PsyloDbg!
7 months, 2 weeks ago
PsyloDbg is a versatile, user-friendly, and open-source debugger for the Windows platform. It is entirely written in Delphi, and its purpose is to assist malware analysts in their work by providing them with a fast and effective tool. As a result, analysts can save time and improve their response to malware threats.
7 months, 2 weeks ago
New Unprotect C# Code Snippet added for technique Timestomp.
This tiny code snippet demonstrates the principle of file time stomping.
Steps:
Additional information:
9 months, 3 weeks ago
New Unprotect Delphi code snippet added for technique Process Hollowing, RunPE with support of both x86-32 and x86-64 in a single code.
11 months, 1 week ago
New Unprotect Delphi Code Snippet added for technique Checking Mouse Activity
11 months, 2 weeks ago
New Unprotect Delphi Code Snippet added for technique DLL Injection via CreateRemoteThread and LoadLibrary, with support for both x86-32 and x86-64.
11 months, 2 weeks ago
New Unprotect Delphi Code Snippet added for technique ProcEnvInjection - Remote code injection by abusing process environment strings, for both x86-32 and x86-64.
11 months, 2 weeks ago
New code snippet that demonstrates how malware authors create self-deleting applications. This technique relies on an external command-line interpreter process that attempts to delete the malware sample once the sample's process has terminated.
11 months, 2 weeks ago
FastResize option was removed.
1 year, 2 months ago
The purpose of this tool is to allow users to run applications with system-level privileges in the context of their current active Windows session, using only the Microsoft Windows Task Scheduler.
Unlike other common tools, this technique does not require any external software or services, and can be easily configured to launch the system terminal and run the desired application within the current session. This allows users to access system-level functionality and interact with the application in real time.
1 year, 3 months ago
Invoke-RemoteDesktopServer error fixed during module import.
1 year, 3 months ago
1 year, 3 months ago
1 year, 3 months ago
PowerRunAsAttached is a ported version of RunAsAttached in pure PowerShell.
1 year, 4 months ago
PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell.
1 year, 4 months ago
CTRL+C
SecureString for authentication password.
1 year, 4 months ago
TransportMode option removed.
1 year, 4 months ago
1 year, 4 months ago
SecureString to handle password.
1 year, 4 months ago
1 year, 4 months ago
1 year, 4 months ago
1 year, 4 months ago
Power Remote Desktop is a powerful and easy-to-use remote desktop application that is written entirely in PowerShell. Unlike other remote desktop solutions, it does not rely on any external software or protocols to function, making it quick and easy to install and use. Its primary advantage is its use of PowerShell, which allows for seamless integration with other scripts and tools, as well as its user-friendly interface. Power Remote Desktop is a versatile and reliable solution for anyone needing to access and control remote computers.
1 year, 4 months ago
The tool is a PowerShell module that allows you to load and execute .NET assemblies from memory, transferred over a network connection such as HTTP. It retrieves the .NET assembly located at a URL, loads it into memory and executes it with the given parameters.
This tool is useful for anyone who needs to load and execute .NET assemblies over a network connection, such as during a penetration testing engagement or when working with remote systems. It allows you to easily load and execute assemblies from memory, without the need to save them to disk first.
1 year, 7 months ago
This PoC project demonstrates the danger of InnoSetup installers. Installers should never be trusted: not only can they contain malware, it is also possible to code a complete and functional piece of malware entirely with their embedded scripting engines.
In this PoC, we explore the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom.
1 year, 10 months ago