Application Development

Phrozen develops powerful, efficient, user-friendly applications for all kinds of platforms (Microsoft Windows, macOS, iOS) and in multiple languages (Pascal/Delphi, Python, C#, Swift/SwiftUI, Objective-C, PowerShell, etc.).

Web Development

Our web design pros create amazing-looking, highly secure websites and web applications in a variety of architectures (Python/Django, Python/Flask, NodeJS, JavaScript, HTML5/CSS/LESS/SCSS).

Cyber Security

With our expert penetration testing services, you can rest assured that your valuable assets are protected.

Design

We also offer a range of design services to give your applications and websites a professional look and feel, such as logo creation, illustration, and motion design/animation.

Phrozen Timeline
Certification

(eCMAP) Certified Malware Analysis Professional

6 days, 3 hours ago

Tiny code snippet that demonstrates how to open a new Windows Explorer window with pre-selected files.

2 weeks, 2 days ago

Tiny Python code snippet to extract ASCII / Unicode strings from any file. This is a very simplified equivalent of the UNIX strings command.

Supports:

  • ASCII string extraction
  • Unicode string extraction
  • Show extracted string offset
  • Define minimum extracted string length.

2 weeks, 3 days ago

Project Update
PsyloDbg 0.3 Release

  • Introduction of an option to keep certain information when process debug stops.
  • Program title is now dynamic (displays the debugged process ID and elevation status).
  • Introduction of worker internal thread handling system.
  • Possibility to enumerate loaded modules.
  • Possibility to support child process inspection.
  • Memory map now supports child process inspection.
  • Possibility to dump and partially reconstruct a portable executable image from memory (main and loaded modules).
  • Several code improvements.

3 weeks, 2 days ago

Project Update
PsyloDbg 0.2 Release

  • Possibility to view debugged process memory map.
  • Possibility to dump debugged process memory region(s).
  • Exception handling system added (beta).
  • Logging system added.
  • UX Theme support.

1 month, 2 weeks ago

New Project
PsyloDbg

PsyloDbg is a fast-growing and user-friendly open-source Windows Debugger entirely coded in Delphi.

The main goal of this project is to offer malware analysts another tool to shorten their response time during their analysis process.

The project is still at a very early stage; it is expected to gain features progressively.

1 month, 3 weeks ago

New Unprotect C# Code Snippet added for technique Timestomp.

This tiny code snippet demonstrates the principle of file time stomping.

Steps:

  • Enumerate files in current directory (excluding the target file).
  • Sort enumerated files by modification date.
  • Take the most recent file and apply its File Creation Date, File Last Modification and File Last Access to our target file.

Additional information:

  • Supports relative target file.
  • If no files live inside the current directory, then the date information of the current directory (parent folder) is used.
  • If no files live inside the current directory and the current directory is a root path, then the timestomp procedure fails.

4 months ago

New Unprotect Delphi code snippet added for technique Process Hollowing, RunPE, with support for both x86-32 and x86-64 in a single codebase.

5 months, 2 weeks ago

New Unprotect Delphi Code Snippet added for technique Checking Mouse Activity.

5 months, 3 weeks ago

New Unprotect Delphi Code Snippet added for technique DLL Injection via CreateRemoteThread and LoadLibrary, with support for both x86-32 and x86-64.

5 months, 3 weeks ago

New Unprotect Delphi Code Snippet added for technique ProcEnvInjection - Remote code injection by abusing process environment strings for both x86-32 and x86-64.

5 months, 3 weeks ago

Unprotect
(C#) File Melt

New code snippet that demonstrates how malware authors create self-deleting applications. This technique relies on an external command-line interpreter process that attempts to delete the malware sample once the sample process has terminated.

5 months, 3 weeks ago

7 months, 3 weeks ago

  • Streaming performance considerably increased. FPS rate increased by 65% and can be optimised further by tweaking available options.
  • Streaming desktop resolution is now controlled by the viewer.
  • FastResize option was removed.
  • Code optimisation.
  • Windows key is now supported.
  • Virtual Desktop window will show above terminal window.
  • Beta support of LogonUI (Winlogon Protected Desktop).

9 months ago

New Project
PowerRunAsSystem

This PowerShell Module demonstrates another efficient way to spawn a new NT AUTHORITY/SYSTEM terminal using the Microsoft Windows Task Scheduler. The spawned terminal is interactive (opened on the current active Windows session).

9 months, 2 weeks ago

  • Invoke-RemoteDesktopServer error fixed during module import.

9 months, 3 weeks ago

  • Code improvement.
  • Streaming performance increased.
  • X509 Certificate password supported.

10 months ago

  • Option to prevent the server computer from entering sleep mode.
  • Streaming performance increased by using dirty region detection (motion update). Only the parts of the remote desktop that changed are sent to the viewer.
  • Mouse control improved.
  • Keyboard control improved.
  • Code improvement.

10 months ago

New Project
PowerRunAsAttached

This PowerShell module gives the opportunity to switch from one local Windows account to another without spawning a new terminal session. User impersonation is done from the same caller terminal.

For example, this is very useful during penetration tests or red team operations when you want to switch to another user without spawning another remote shell connection.

10 months, 2 weeks ago

New Project
Power Brute Logon

Power Brute Logon is a ported version of Win Brute Logon from Delphi to PowerShell.

Since it is written in PowerShell and is single-threaded, it is less efficient than the original Win Brute Logon.

10 months, 2 weeks ago

  • Application protocol redesigned to be faster, more stable and modular.
  • Session concurrency now supported. Multiple viewers can connect to the same server at the same time.
  • Possibility to shut down the server using CTRL+C.
  • Streaming quality is now controlled by the viewer.
  • Desktop image size is now requested server-side.
  • Bug fix in virtual desktop alignment.
  • Timeout implemented during protocol negotiations to avoid possible deadlocks.
  • Virtual desktop can now be set on top of other windows.
  • Server supports SecureString for authentication password.

10 months, 2 weeks ago

  • Deprecated TransportMode option removed.
  • Streaming performance improved.
  • Code improvement; release stability is good enough to mark the release as stable.

10 months, 3 weeks ago

  • Code improvement.
  • Ingress / Egress event support.
  • Bug fix for password generation algorithm.
  • Bug fix for virtual keyboard.
  • Clipboard synchronisation implemented.
  • View-only option added. If used, the remote viewer cannot control the remote server.

10 months, 3 weeks ago

  • Viewer now supports SecureString to handle the password.
  • Certificate fingerprint validation implemented server-side.
  • Trust a remote server temporarily or definitively (can be revoked).
  • Server-trust management system.

10 months, 4 weeks ago

  • Possibility to control desktop streaming image quality.
  • Support multiple monitors. You can choose which monitor to stream.

11 months ago

  • HDPI is completely supported for both viewer and server.

11 months ago

  • Desktop streaming is now sent raw rather than base64 encoded, thus increasing streaming performance. Base64 streaming encoding is still available as an option but marked as deprecated.
  • Application protocol revisited.
  • TLS v1.3 now optionally supported.
  • Code improvements.
  • Password complexity is enforced to avoid hosting a dangerous Remote Desktop server.
  • Console verbosity can be disabled.
  • Version synchronisation implemented. Viewer version must match the remote server version and vice versa.

11 months ago

New Project
Power Remote Desktop

Power Remote Desktop is a fully functional Remote Desktop Application entirely coded in PowerShell.

It doesn't rely on any existing Remote Desktop Application or Protocol to function. A serious advantage of this application is its nature (PowerShell) and its ease of use and installation.

This project demonstrates why PowerShell contains the word Power. It is unfortunately an often underestimated programming language that is not limited to running commands or being a fancier replacement for the old Windows command-line interpreter (cmd).

11 months ago

New Project
PowerAssembly

This PowerShell Module allows loading .NET assemblies from a remote location. The .NET assembly is transferred over HTTP, then loaded and executed from memory.

1 year, 1 month ago

This PoC project demonstrates the danger of InnoSetup installers. Installers should never be trusted: not only can they contain malware, it is also possible to code a complete and functional piece of malware entirely with their embedded scripting engines.

In this PoC, we explore the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom.

1 year, 4 months ago

New code snippet that demonstrates how malware authors create self-deleting applications. This technique relies on code injected into a remote process that is tasked with watching for the end of the malware sample process.

1 year, 9 months ago

This paper demonstrates how to take advantage of PostgreSQL UDF (User Defined Function) to execute shellcode on a remote server.

2 years ago

New Project
YASE Encoder

YASE (Yet Another Sub Encoder) Encoder is a Python project created during my OSCE (Offensive Security Certified Expert) preparation to better understand and simplify the process of sub encoding shellcode in order to escape bad character restrictions.

2 years ago

New code snippet to demonstrate an alternative to the famous GetProcAddress Windows API by parsing the target DLL's PE header.

2 years ago

New code snippet that demonstrates how to automatically detect code caves in Microsoft Windows PE files.

It is then possible to inject a shellcode (optionally encrypted) into the located code cave and redirect the PE file entry point to the shellcode.

This was a common technique used by old-school viruses to infect other applications and self-replicate.

Available commands:

  • -f / --file : Valid PE File location (Ex: /path/to/calc.exe).
  • -p / --payload : Shellcode Payload (Example: "\x01\x02\x03…\x0a").
  • -x / --encrypt : Encrypt main section (entry point section).
  • -k / --encryption-key : Define custom encryption key (1 Byte only).
  • -c / --cave-opcodes : Define code opcode list to search for.
  • -s / --cave-min-size : Minimum size of region to be considered as code cave.
  • -e / --egg : Define a custom egg name (ESP Restore Mechanism).

2 years ago

2 years, 1 month ago

New snippet that demonstrates the use of the Windows APIs OutputDebugStringA and OutputDebugStringW to detect the presence of debuggers.

2 years, 2 months ago