JoelGMSec

Joel GM's starred repositories

CVE-2024-1086

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

Language:CMIT209300

Invoke-SessionHunter

Retrieve and display information about active user sessions on remote computers. No admin privileges required.

Language:PowerShellGPL-3.011100

NetExec

The Network Execution Tool

Language:PythonBSD-2-Clause245500

Invisi-Shell

Hide your Powershell script in plain sight. Bypass all Powershell security features

Language:C++MIT103900

DavRelayUp

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

Language:C#50100

nopowershell

PowerShell rebuilt in C# for Red Teaming purposes

Language:C#BSD-3-Clause88800

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Language:PowerShellApache-2.0675400

sshame

brute force SSH public-key authentication

Language:PythonMIT7200

WSPCoerce

PoC to coerce authentication from Windows hosts using MS-WSP

Language:C#21600

DarkWidow

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

Language:CMIT48200

PetitPotato

Local privilege escalation via PetitPotam (Abusing impersonate privileges).

Language:C39100

KRBUACBypass

UAC Bypass By Abusing Kerberos Tickets

Language:C#45000

go-secdump

Tool to remotely dump secrets from the Windows registry

Language:GoMIT34400

elevationstation

elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative

Language:C++GPL-3.033500

GIUDA

Ask a TGS on behalf of another user without password

Language:Pascal45500

OSCE3-Complete-Guide

OSWE, OSEP, OSED, OSEE

238200

BlackLotus

BlackLotus UEFI Windows Bootkit

Language:C185500

TakeMyRDP

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)

Language:C++MIT37400

FullPowers

Recover the default privilege set of a LOCAL/NETWORK SERVICE account

Language:C++52400

monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Language:PowerShellApache-2.073200

HiddenDesktop

HVNC for Cobalt Strike

Language:CMIT112000

AllForOne

AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,

Language:PythonMIT52600

yetAnotherObfuscator

C# obfuscator that bypass windows defender

Language:C#67000

LTESniffer

An Open-source LTE Downlink/Uplink Eavesdropper

Language:C++134200

LOLDrivers

Living Off The Land Drivers

Language:YARAApache-2.091500

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Language:GoBSD-3-Clause1013000

Medusa

Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic

Language:Python15600

pwndoc-ng

Pentest Report Generator

Language:JavaScriptMIT31800

resocks

mTLS-Encrypted Back-Connect SOCKS5 Proxy

Language:GoMIT37500

Exegol

Fully featured and community-driven hacking environment

Language:PythonGPL-3.0161100