JoelGMSec

Joel GM's starred repositories

CVE-2024-1086

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

Language:CMIT193500

Invoke-SessionHunter

Retrieve and display information about active user sessions on remote computers. No admin privileges required.

Language:PowerShellGPL-3.09600

NetExec

The Network Execution Tool

Language:PythonBSD-2-Clause218100

Invisi-Shell

Hide your Powershell script in plain sight. Bypass all Powershell security features

Language:C++MIT103100

DavRelayUp

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

Language:C#49700

nopowershell

PowerShell rebuilt in C# for Red Teaming purposes

Language:C#BSD-3-Clause88600

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Language:PowerShellApache-2.0672200

sshame

brute force SSH public-key authentication

Language:PythonMIT7200

WSPCoerce

PoC to coerce authentication from Windows hosts using MS-WSP

Language:C#21600

DarkWidow

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

Language:CMIT46800

PetitPotato

Local privilege escalation via PetitPotam (Abusing impersonate privileges).

Language:C38800

KRBUACBypass

UAC Bypass By Abusing Kerberos Tickets

Language:C#44600

go-secdump

Tool to remotely dump secrets from the Windows registry

Language:GoMIT32100

elevationstation

elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative

Language:C++GPL-3.033200

GIUDA

Ask a TGS on behalf of another user without password

Language:Pascal45300

OSCE3-Complete-Guide

OSWE, OSEP, OSED, OSEE

237500

BlackLotus

BlackLotus UEFI Windows Bootkit

Language:C184800

TakeMyRDP

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)

Language:C++MIT37000

FullPowers

Recover the default privilege set of a LOCAL/NETWORK SERVICE account

Language:C++51900

monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Language:PowerShellApache-2.072700

HiddenDesktop

HVNC for Cobalt Strike

Language:CMIT110900

AllForOne

AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,

Language:PythonMIT51900

yetAnotherObfuscator

C# obfuscator that bypass windows defender

Language:C#66200

LTESniffer

An Open-source LTE Downlink/Uplink Eavesdropper

Language:C++133200

LOLDrivers

Living Off The Land Drivers

Language:YARAApache-2.090000

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Language:GoBSD-3-Clause1001200

Medusa

Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic

Language:Python15800

pwndoc-ng

Pentest Report Generator

Language:JavaScriptMIT31200

resocks

mTLS-Encrypted Back-Connect SOCKS5 Proxy

Language:GoMIT37000

Exegol

Fully featured and community-driven hacking environment

Language:PythonGPL-3.0159200