I provide white-box penetration testing and code review services to a limited number of clients each year. My goal is to identify vulnerabilities and logic flaws in the source code that could lead to current or future security issues. Beyond detection, I work closely with development teams to help remediate these issues effectively.
My work in malware research focuses on dissecting and understanding the inner workings of malicious software through reverse engineering. By analyzing their behavior, functionality, and impact, I document key findings that provide valuable insights into how these threats operate.
I offer penetration testing services (Black Box, Grey Box) to identify vulnerabilities by simulating real-world attacks on your digital infrastructure. I provide tailored training sessions and strategic security guidance helping them build long-term cybersecurity capabilities and make informed decisions.
I am actively involved in open-source projects related to InfoSec, with a particular focus on malware research. By contributing to and collaborating within the community, I help develop tools and techniques that enhance our understanding and defense against malicious software and evolving cyber threats.
These are professional services offered to a limited number of clients per year. Services not marked with this icon represent self-financed initiatives, completely free, ad-free, and developed independently on my free time. Feel free to contact me for further details or specific inquiries.
This module runs a process as another user using known credentials, attaching input/output to the caller's console. It also functions as a standalone script.
More
PowerRunAsSystem is a PowerShell script that runs commands or interactive processes as SYSTEM using native Windows features, without third-party tools like PsExec.
More
A faithful remake of the infamous SubSeven Remote Access Tool, version 2.2, originally released in the early 2000s.
More
This C# demo enables interactive shell access to a remote system via SMB named pipes, with optional AES GCM encryption. Intended for educational use, not production deployment.
More
Secure remote desktop application for Microsoft Windows entirely written in PowerShell for the server and a cross-platform client.
More
Open-Source Application for Comprehensive Search and Exploration of Windows DLL Exported Functions for Malware Research and Analysis.
More
Comprehensive C# Project to Understand the Concept of Malware Command and Control (C2) Using FTP as a Communication Channel.
More
Complete and Optimized Remote Desktop Application Entirely Coded in PowerShell (Multi-Screen, Keyboard Sync, Mouse Sync, Clipboard Sync, and More)
More
Malware Museum: Showcasing the Most Impactful Malware from the 1990s to the Early 2000s. Get Ready to Journey Back to the Golden Age of Malware.
More
Comprehensive Search Engine for Malware Evasion Techniques (Documentation, Code Snippets, YARA Rules, and More)
More
I recently had the pleasure of being interviewed by SafetyDetectives about Malware Gallery, a project dedicated to preserving the history and technical artistry of old-school malware (mostely Remote Access Trojans).
Read
This first special issue of A Malware Retrospective recall a tool that shaped an entire generation during the MSN Messenger era. Known as IceCold, this infamous software was what we referred to as an "account freezer", a tool designed to block a target user’s access to services like chat applications or online games.
Read
A new article has been published on Medium that delves into what Arcane is, providing a detailed explanation of how it works and why it stands out from typical remote desktop applications. The article not only covers the installation process but also provides a comprehensive guide on how to use Arcane. It walks you through both the automated, recommended installation method as well as the manual method, which includes instructions on how to build your own version and install it.
Read
In this second article, we demonstrates how malware authors exploit Microsoft Windows application resources as malicious vectors to either store their dynamic configuration or additional payloads. The focus is on the Windows API, but it also details some aspects of the PE (Portable Executable) header, allowing for manual inspection and manipulation of resources.
Read
In this new series of articles, we're looking at how malware authors deal with spreading their work, especially when they keep the source code secret. Malware configuration is key because it lets its malicious users to change settings to suit their needs. The first article will focus on a method called EOF, also known as PE Overlay, to show how it's used to store and read malware configuration.
Read
In this latest article of our "Malware Retrospective" series, we shift our lens to PrjRAPTOR, a lesser-known Remote Access Trojan that made its mark around 2008-2009, closing out the golden era of Trojan development before the focus shifted to profit-driven cybercrime. Our exclusive interview with its creator, "Ryan," provides invaluable insights into the Trojan's unique interface, development, and impact on the scene.
Read
We delve back into the depths of cybersecurity history. Following our thorough examination of Beast RAT, the early 2000s' formidable malware, we now turn our focus to another significant entity of that period, SubSeven. Conceived by the mysterious figure, Mobman, this Remote Access Trojan, also known as Sub7, remains an iconic marker in the evolution of digital threats. Join us as we explore its intriguing chronicles, offering both a retrospective glance and vital lessons for today's cybersecurity landscape.
Read
In this inaugural instalment of the Malware Retrospective series, we take a trip down memory lane to revisit the Beast RAT, a notorious Windows RAT (Remote Access Trojan) developed by the elusive “Tataye.” This groundbreaking malware left an indelible mark on a whole generation of enthusiasts, including myself, who were captivated by its ingenuity and influence the whole scene back in it’s time.
Read
Search for Registry Keys / Values
|
Malware Gallery | Delphi | June 12, 2025 |
|
Dump Process Memory via MiniDumpWriteDump
|
Malware Gallery | Delphi | June 11, 2025 |
|
Dump Process Memory via ReadProcessMemory
|
Malware Gallery | Delphi | June 9, 2025 |
|
Enumerate Local Process Modules via PEB
|
Malware Gallery | Delphi | June 2, 2025 |
|
Enumerate Remote Process Modules via PEB
|
Malware Gallery | Delphi | June 2, 2025 |
|
Enumerate Process Modules via CreateToolhelp32Snapshot
|
Malware Gallery | Delphi | May 27, 2025 |
|
Search for Files via FindFirstFile / FindNextFile
|
Malware Gallery | Delphi | May 23, 2025 |
|
Enumerate Files via FindFirstFile / FindNextFile
|
Malware Gallery | Delphi | May 23, 2025 |
|
Enumerate Remote Shares via WNetEnumResource
|
Malware Gallery | Delphi | May 13, 2025 |
|
Enumerate Local Shares via NetShareEnum
|
Malware Gallery | Delphi | May 9, 2025 |
whoami
With over 20 years of experience in Information Technology, I am a seasoned Security Researcher, Penetration Tester and Malware Researcher/Reverse Engineer. My expertise extends to development, proficient in languages such as C#, Python, Go, Delphi, and ASM x86. In 2014, I founded PHROZEN, a venture dedicated to creating innovative cybersecurity solutions. My commitment lies in safeguarding our digital future, continuously advancing in knowledge and developing cutting-edge security measures.
France / Maisons Laffitte (78600)
jplesueur@phrozen.io
-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEZQDTERYJKwYBBAHaRw8BAQdAUICkUuZmCktHcxi1tfHGQTTT/TrJCOqA jymKVkrN6q/NK2pwbGVzdWV1ckBwaHJvemVuLmlvIDxqcGxlc3VldXJAcGhy b3plbi5pbz7CjAQQFgoAPgWCZQDTEQQLCQcICZAqv1dYE4gcUwMVCAoEFgAC AQIZAQKbAwIeARYhBHEqqY9tzg5HN9EB+yq/V1gTiBxTAACuFQD/UllBJFEY CqE4+W/aR/vX+TLJmvNcmfTCcLE4DLNihDsA/2rms3XBBySjSmGTBizIvAYu aB8fEEjtjUNGU6VOGL4IzjgEZQDTERIKKwYBBAGXVQEFAQEHQIn/iNRs3IO1 Eh/8FG6+1FV/nEywsK28hDgXwOzDQIJxAwEIB8J4BBgWCAAqBYJlANMRCZAq v1dYE4gcUwKbDBYhBHEqqY9tzg5HN9EB+yq/V1gTiBxTAAD7sAD/fkYNudvg fEiBdAPaKVXCzTQP2tT8uBAGVLPjzAmXzHEBAKlQ5auOh+8tyfeK73RfCbW7 zRt12rJmulmCvpFscq8G =3Qtg -----END PGP PUBLIC KEY BLOCK-----Download Public Key
eCMAP - Certified Malware Analysis Professional
SLAE32 - SecurityTube Linux Assembly Expert 32
C|EH - Certified Ethical Hacker
Embarcadero Certified Delphi Developer