# Michael Gillespie (Demonslay335)

Last active Oct 28, 2019
Dumps a PE from VirtualAlloc/VirtualProtect
View dump.py
 import os import sys import time import winappdbg import traceback class MyEventHandler(winappdbg.EventHandler): last_alloc_memory = 0
Last active Jan 31, 2019
Generate permutations of an array of arrays
View permutations_of_arrays.cs
 // Get permutations of an array of arrays // Adapted from: https://www.geeksforgeeks.org/combinations-from-n-arrays-picking-one-element-from-each-array/ public static IEnumerable> PermutationsOfArrays(IList> arr) { // Number of arrays int n = arr.Count(); // Keep track of next element in each of the n arrays int[] indices = new int[n];
Created Dec 19, 2018
Keygen for Jemd Ransomware
View jemd_keygen.py
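 import os
 import sys
 import argparse

 # Charset used by Jemd ransomware: the 52 ASCII letters, lowercase first,
 # then uppercase; it contains no digits or punctuation.
 charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'


 # https://en.wikipedia.org/wiki/Linear_congruential_generator
 def lcg(modulus, a, c, seed):
     """Yield successive states of a linear congruential generator, forever.

     Each step computes ``seed = (a * seed + c) % modulus`` and yields the
     new state, so the initial ``seed`` itself is never yielded. ``modulus``
     must be non-zero; otherwise the first ``next()`` raises
     ZeroDivisionError.

     NOTE(review): the whole sequence is fixed by (modulus, a, c, seed), so
     anyone who knows those four values can regenerate every output. That is
     presumably what makes a keygen for this ransomware possible; the code
     that consumes the generator is not part of this preview, so confirm.
     """
     while True:
         # Advance the state first, then emit it.
         seed = (a * seed + c) % modulus
         yield seed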
Last active Dec 17, 2018
Generate private RSA key from factored primes
View calculate_rsa.cs
 using System; using Org.BouncyCastle.Math; public BigInteger CalculateRSA(BigInteger p, BigInteger q, BigInteger e) { // n = p*q - for illustration BigInteger n = p.Multiply(q); // phi / r = (p-1)*(q-1) BigInteger phi = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One));
Created Oct 17, 2018
Get status of IPsec VPN tunnels on Peplink Balance
Created Sep 20, 2018
Query a QNAP for any available updates using the API (PowerShell 2)
View QueryQNAPUpdate-PS2.ps1
 # Ignore self-certs if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) { \$certCallback = @" using System; using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; public class ServerCertificateValidationCallback {
Created Sep 20, 2018
Query a QNAP for any available updates using the API (PowerShell 5)
View QueryQNAPUpdate.ps1
 # Ignore self-certs if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) { \$certCallback = @" using System; using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; public class ServerCertificateValidationCallback {
Created Aug 17, 2018
View rapid_config.py
 """ Extract Rapid 2.0 ransomware config from encrypter or decrypter Author: @demonslay335 """ import os, sys, string, re, binascii, base64, argparse # https://stackoverflow.com/a/17197027/1301139 def strings(filename, min=4, max=10000): with open(filename, "rb") as f: # Python 2.x
Created Feb 16, 2018
Rot Buster
View rotbuster.ps1
 # Credit: https://twitter.com/Lee_Holmes/status/964576204425580544 param([string]\$a) 0..25 | % { [PSCustomObject] @{ Offset = \$_ Value = & { param(\$v, \$o) -join (\$v.ToCharArray() | % { [char](((([int][char]\$_) - ([int][char]'a') + \$o) % 26) + ([int][char]'a')) }) } \$a \$_
Last active Mar 18, 2019
Extract GlobeImposter ransomware config
View globeimposter_config.py
 """ Extract GlobeImposter 2.0 Ransomware Config Author: @demonslay335 """ import os import sys import binascii import re import hashlib
