
Michael Gillespie Demonslay335

  • Facet Technologies, Inc.
  • United States
@Demonslay335
Demonslay335 / dump.py
Last active Oct 28, 2019
Dumps a PE from VirtualAlloc/VirtualProtect
import os
import sys
import time
import winappdbg
import traceback
class MyEventHandler(winappdbg.EventHandler):
last_alloc_memory = 0
@Demonslay335
Demonslay335 / permutations_of_arrays.cs
Last active Jan 31, 2019
Generate permutations of an array of arrays
// Get permutations of an array of arrays
// Adapted from: https://www.geeksforgeeks.org/combinations-from-n-arrays-picking-one-element-from-each-array/
public static IEnumerable<List<T>> PermutationsOfArrays<T>(IList<List<T>> arr)
{
// Number of arrays
int n = arr.Count();
// Keep track of next element in each of the n arrays
int[] indices = new int[n];
@Demonslay335
Demonslay335 / jemd_keygen.py
Created Dec 19, 2018
Keygen for Jemd Ransomware
import os, sys, argparse
# Charset used by Jemd ransomware: the 52 ASCII letters (a-z followed by A-Z),
# with no digits or punctuation.
charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
# https://en.wikipedia.org/wiki/Linear_congruential_generator
def lcg(modulus, a, c, seed):
    """Yield an endless linear congruential sequence.

    Every value is ``(a * previous + c) % modulus``. The first value yielded
    is the successor of ``seed``; the seed itself is never emitted.

    The stream is fully deterministic: the same four parameters always
    reproduce the same values in the same order.
    """
    state = seed
    while True:
        # Advance the recurrence one step, then hand the new state to the caller.
        state = (a * state + c) % modulus
        yield state
@Demonslay335
Demonslay335 / calculate_rsa.cs
Last active Dec 17, 2018
Generate private RSA key from factored primes
using System;
using Org.BouncyCastle.Math;
public BigInteger CalculateRSA(BigInteger p, BigInteger q, BigInteger e)
{
// n = p*q - for illustration
BigInteger n = p.Multiply(q);
// phi / r = (p-1)*(q-1)
BigInteger phi = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One));
@Demonslay335
Demonslay335 / peplink_ipsec.py
Created Oct 17, 2018
Get status of IPsec VPN tunnels on Peplink Balance
@Demonslay335
Demonslay335 / QueryQNAPUpdate-PS2.ps1
Created Sep 20, 2018
Query a QNAP for any available updates using the API (PowerShell 2)
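# Ignore self-signed certificates. NOTE(review): the callback type defined below presumably relaxes TLS server-certificate validation, so the QNAP's identity is not verified - confirm its scope.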
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
@Demonslay335
Demonslay335 / QueryQNAPUpdate.ps1
Created Sep 20, 2018
Query a QNAP for any available updates using the API (PowerShell 5)
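# Ignore self-signed certificates. NOTE(review): the callback type defined below presumably relaxes TLS server-certificate validation, so the QNAP's identity is not verified - confirm its scope.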
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
View rapid_config.py
"""
Extract Rapid 2.0 ransomware config from encrypter or decrypter
Author: @demonslay335
"""
import os, sys, string, re, binascii, base64, argparse
# https://stackoverflow.com/a/17197027/1301139
def strings(filename, min=4, max=10000):
with open(filename, "rb") as f: # Python 2.x
View rotbuster.ps1
# Credit: https://twitter.com/Lee_Holmes/status/964576204425580544
param([string]$a)
0..25 | % { [PSCustomObject] @{
Offset = $_
Value = & {
param($v, $o) -join ($v.ToCharArray() | % {
[char](((([int][char]$_) - ([int][char]'a') + $o) % 26) + ([int][char]'a'))
})
} $a $_
@Demonslay335
Demonslay335 / globeimposter_config.py
Last active Mar 18, 2019
Extract GlobeImposter ransomware config
"""
Extract GlobeImposter 2.0 Ransomware Config
Author: @demonslay335
"""
import os
import sys
import binascii
import re
import hashlib