Home - Phrozen

Contact

Code Review

I provide white-box penetration testing and code review services to a limited number of clients each year. My goal is to identify vulnerabilities and logic flaws in the source code that could lead to current or future security issues. Beyond detection, I work closely with development teams to help remediate these issues effectively.

Malware Research

My work in malware research focuses on dissecting and understanding the inner workings of malicious software through reverse engineering. By analyzing their behavior, functionality, and impact, I document key findings that provide valuable insights into how these threats operate.

Penetration Testing

I offer penetration testing services (Black Box, Grey Box) to identify vulnerabilities by simulating real-world attacks on your digital infrastructure. I provide tailored training sessions and strategic security guidance helping them build long-term cybersecurity capabilities and make informed decisions.

Open-Source

I am actively involved in open-source projects related to InfoSec, with a particular focus on malware research. By contributing to and collaborating within the community, I help develop tools and techniques that enhance our understanding and defense against malicious software and evolving cyber threats.

These are professional services offered to a limited number of clients per year. Services not marked with this icon represent self-financed initiatives, completely free, ad-free, and developed independently on my free time. Feel free to contact me for further details or specific inquiries.

Projects

Power Remote Desktop

Complete and Optimized Remote Desktop Application Entirely Coded in PowerShell (Multi-Screen, Keyboard Sync, Mouse Sync, Clipboard Sync, and More)

Comprehensive C# Project to Understand the Concept of Malware Command and Control (C2) Using FTP as a Communication Channel.

This C# demo enables interactive shell access to a remote system via SMB named pipes, with optional AES GCM encryption. Intended for educational use, not production deployment.

PowerRunAsSystem is a PowerShell script that runs commands or interactive processes as SYSTEM using native Windows features, without third-party tools like PsExec.

A faithful remake of the infamous SubSeven Remote Access Tool, version 2.2, originally released in the early 2000s.

This module runs a process as another user using known credentials, attaching input/output to the caller's console. It also functions as a standalone script.

Open-Source Application for Comprehensive Search and Exploration of Windows DLL Exported Functions for Malware Research and Analysis.

Comprehensive Search Engine for Malware Evasion Techniques (Documentation, Code Snippets, YARA Rules, and More)

Malware Museum: Showcasing the Most Impactful Malware from the 1990s to the Early 2000s. Get Ready to Journey Back to the Golden Age of Malware.

Secure remote desktop application for Microsoft Windows entirely written in PowerShell for the server and a cross-platform client.

Interview With Jean-Pierre LESUEUR - Founder of Malware Gallery

I recently had the pleasure of being interviewed by SafetyDetectives about Malware Gallery, a project dedicated to preserving the history and technical artistry of old-school malware (mostely Remote Access Trojans).

Read

A Malware Retrospective: IceCold and the Era of MSN Hack Tools

This first special issue of A Malware Retrospective recall a tool that shaped an entire generation during the MSN Messenger era. Known as IceCold, this infamous software was what we referred to as an "account freezer", a tool designed to block a target user’s access to services like chat applications or online games.

Read

Arcane — The PowerShell Remote Desktop

A new article has been published on Medium that delves into what Arcane is, providing a detailed explanation of how it works and why it stands out from typical remote desktop applications. The article not only covers the installation process but also provides a comprehensive guide on how to use Arcane. It walks you through both the automated, recommended installation method as well as the manual method, which includes instructions on how to build your own version and install it.

Read

Understanding Malware Patching: Resources

In this second article, we demonstrates how malware authors exploit Microsoft Windows application resources as malicious vectors to either store their dynamic configuration or additional payloads. The focus is on the Windows API, but it also details some aspects of the PE (Portable Executable) header, allowing for manual inspection and manipulation of resources.

Read

Understanding Malware Patching: EOF (End Of File)

In this new series of articles, we're looking at how malware authors deal with spreading their work, especially when they keep the source code secret. Malware configuration is key because it lets its malicious users to change settings to suit their needs. The first article will focus on a method called EOF, also known as PE Overlay, to show how it's used to store and read malware configuration.

Read

A Malware retrospective: PrjRAPTOR

In this latest article of our "Malware Retrospective" series, we shift our lens to PrjRAPTOR, a lesser-known Remote Access Trojan that made its mark around 2008-2009, closing out the golden era of Trojan development before the focus shifted to profit-driven cybercrime. Our exclusive interview with its creator, "Ryan," provides invaluable insights into the Trojan's unique interface, development, and impact on the scene.

Read

A Malware retrospective: SubSeven

We delve back into the depths of cybersecurity history. Following our thorough examination of Beast RAT, the early 2000s' formidable malware, we now turn our focus to another significant entity of that period, SubSeven. Conceived by the mysterious figure, Mobman, this Remote Access Trojan, also known as Sub7, remains an iconic marker in the evolution of digital threats. Join us as we explore its intriguing chronicles, offering both a retrospective glance and vital lessons for today's cybersecurity landscape.

Read

A Malware retrospective: The Beast RAT

In this inaugural instalment of the Malware Retrospective series, we take a trip down memory lane to revisit the Beast RAT, a notorious Windows RAT (Remote Access Trojan) developed by the elusive “Tataye.” This groundbreaking malware left an indelible mark on a whole generation of enthusiasts, including myself, who were captivated by its ingenuity and influence the whole scene back in it’s time.

Read

Code Snippets

Malware Gallery

Unprotect Project

Search for Registry Keys / Values	Malware Gallery	Delphi	June 12, 2025
Dump Process Memory via MiniDumpWriteDump	Malware Gallery	Delphi	June 11, 2025
Dump Process Memory via ReadProcessMemory	Malware Gallery	Delphi	June 9, 2025
Enumerate Local Process Modules via PEB	Malware Gallery	Delphi	June 2, 2025
Enumerate Remote Process Modules via PEB	Malware Gallery	Delphi	June 2, 2025
Enumerate Process Modules via CreateToolhelp32Snapshot	Malware Gallery	Delphi	May 27, 2025
Search for Files via FindFirstFile / FindNextFile	Malware Gallery	Delphi	May 23, 2025
Enumerate Files via FindFirstFile / FindNextFile	Malware Gallery	Delphi	May 23, 2025
Enumerate Remote Shares via WNetEnumResource	Malware Gallery	Delphi	May 13, 2025
Enumerate Local Shares via NetShareEnum	Malware Gallery	Delphi	May 9, 2025

View All

`whoami`

Jean-Pierre LESUEUR

Founder
Developer
Security and Malware Researcher

With over 20 years of experience in Information Technology, I am a seasoned Security Researcher, Penetration Tester and Malware Researcher/Reverse Engineer. My expertise extends to development, proficient in languages such as C#, Python, Go, Delphi, and ASM x86. In 2014, I founded PHROZEN, a venture dedicated to creating innovative cybersecurity solutions. My commitment lies in safeguarding our digital future, continuously advancing in knowledge and developing cutting-edge security measures.

France / Maisons Laffitte (78600)
jplesueur@phrozen.io

Download Public Key