I hereby claim:
- I am evilsocket on github.
- I am evilsocket (https://keybase.io/evilsocket) on keybase.
- I have a public key ASDQOex7WfTVV8cumbapyzHyv-NXXay_D0-RfJwOH8xKrQo
To claim this, I am signing this object:
Simone Margaritelli evilsocket
evilsocket
/ read_apple_note.py
Last active
October 19, 2022 18:35
Read Apple Notes content in python via quick&dirty AppleScript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def get_apple_note_contents(account = 'iCloud', folder = 'Notes', note = 'Routine', strip_tags = True, as_lines = True): | |
| import subprocess | |
| import os | |
| import tempfile | |
| import re | |
| script = """ | |
| tell application "Notes" | |
| tell account "%s" | |
| tell folder "%s" |
evilsocket
/ spam_yuanopen.go
Last active
March 21, 2021 13:56
registers random users to a spam&scam network that's targeting EU
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/json" | |
| "fmt" | |
| "io/ioutil" | |
| "math/rand" | |
| "net/http" | |
| "net/url" | |
| "strings" |
evilsocket
/ keybase.md
Created
November 14, 2019 21:29
evilsocket
/ keybase.md
Created
November 30, 2017 11:19
I hereby claim:
- I am evilsocket on github.
- I am evilsocket (https://keybase.io/evilsocket) on keybase.
- I have a public key whose fingerprint is 7F1A D5FA 2A51 87DF DD53 DDA9 1564 D7F3 0393 A456
To claim this, I am signing this object:
evilsocket
/ magniber_decryptor.cpp
Created
October 19, 2017 14:09
Decryptor for Magniber ransomware ( https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ )
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * This tool will decrypt files encrypted by the Magniber ransomware with | |
| * AES128 ( CBC mode ) algorithm. | |
| * | |
| * RE and report by MalwareBytes ( @hasherezade ) | |
| * | |
| * https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ | |
| * | |
| * Decryptor written by Simone 'evilsocket' Margaritelli | |
| * |
evilsocket
/ gist:735587fbb1075af6394f9b634d224459
Created
May 4, 2017 12:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying that "evilsocket.id" is my Blockstack ID. https://onename.com/evilsocket |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Example < BetterCap::Proxy::UDP::Module | |
| meta( | |
| 'Name' => 'Example', | |
| 'Description' => 'Example UDP proxy module.', | |
| 'Version' => '1.0.0', | |
| 'Author' => "Simone 'evilsocket' Margaritelli", | |
| 'License' => 'GPL3' | |
| ) | |
| # Received when the victim is sending data to the upstream server. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Empty lines or lines starting with # will be ignored. | |
| # redirect *.google.com to the attacker ip address | |
| local .*google\.com | |
| # redirect *.microsoft.com to 10.10.10.10 | |
| 10.10.10.10 .*microsoft\.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Example < BetterCap::Proxy::TCP::Module | |
| meta( | |
| 'Name' => 'Example', | |
| 'Description' => 'Example TCP proxy module.', | |
| 'Version' => '1.0.0', | |
| 'Author' => "Simone 'evilsocket' Margaritelli", | |
| 'License' => 'GPL3' | |
| ) | |
| # Received when the victim is sending data to the upstream server. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class HackTitle < BetterCap::Proxy::HTTP::Module | |
| meta( | |
| 'Name' => 'HackTitle', | |
| 'Description' => 'Adds a "!!! HACKED !!!" string to every webpage title.', | |
| 'Version' => '1.0.0', | |
| 'Author' => "Simone 'evilsocket' Margaritelli", | |
| 'License' => 'GPL3' | |
| ) | |
| # called before the request is performed |