Michael Gillespie Demonslay335

  • Facet Technologies, Inc.
  • United States
@Demonslay335
Demonslay335 / sporachecker.py
Last active Mar 10, 2017
Checks for files encrypted by Spora
View sporachecker.py
"""
Spora Encryption Checker
Author: @demonslay335
"""
import sys
import zlib
import struct
import os
Demonslay335 / btcware_config.py
Last active Jan 17, 2018
Extract BTCWare ransomware config
View btcware_config.py
"""
Extract BTCWare Ransomware Config
Author: @demonslay335
"""
import sys
import string
import re
import os
import argparse
Demonslay335 / globeimposter_config.py
Last active Mar 18, 2019
Extract GlobeImposter ransomware config
View globeimposter_config.py
"""
Extract GlobeImposter 2.0 Ransomware Config
Author: @demonslay335
"""
import os
import sys
import binascii
import re
import hashlib
View rotbuster.ps1
# Credit: https://twitter.com/Lee_Holmes/status/964576204425580544
param([string]$a)
0..25 | % { [PSCustomObject] @{
Offset = $_
Value = & {
param($v, $o) -join ($v.ToCharArray() | % {
[char](((([int][char]$_) - ([int][char]'a') + $o) % 26) + ([int][char]'a'))
})
} $a $_
View rapid_config.py
"""
Extract Rapid 2.0 ransomware config from encrypter or decrypter
Author: @demonslay335
"""
import os, sys, string, re, binascii, base64, argparse
# https://stackoverflow.com/a/17197027/1301139
def strings(filename, min=4, max=10000):
with open(filename, "rb") as f: # Python 2.x
Demonslay335 / QueryQNAPUpdate.ps1
Created Sep 20, 2018
Query a QNAP for any available updates using the API (PowerShell 5)
View QueryQNAPUpdate.ps1
# Ignore self-certs
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
Demonslay335 / QueryQNAPUpdate-PS2.ps1
Created Sep 20, 2018
Query a QNAP for any available updates using the API (PowerShell 2)
View QueryQNAPUpdate-PS2.ps1
# Ignore self-certs
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
Demonslay335 / peplink_ipsec.py
Created Oct 17, 2018
Get status of IPsec VPN tunnels on Peplink Balance
View peplink_ipsec.py
Demonslay335 / calculate_rsa.cs
Last active Dec 17, 2018
Generate private RSA key from factored primes
View calculate_rsa.cs
using System;
using Org.BouncyCastle.Math;
public BigInteger CalculateRSA(BigInteger p, BigInteger q, BigInteger e)
{
// n = p*q - for illustration
BigInteger n = p.Multiply(q);
// phi / r = (p-1)*(q-1)
BigInteger phi = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One));
Demonslay335 / jemd_keygen.py
Created Dec 19, 2018
Keygen for Jemd Ransomware
View jemd_keygen.py
import os, sys, argparse
# Charset used by Jemd ransomware
charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
# https://en.wikipedia.org/wiki/Linear_congruential_generator
def lcg(modulus, a, c, seed):
    while True:
        seed = (a * seed + c) % modulus
        yield seed