Pinned Repositories
Active-Directory-Kill-Chain-Attack-Defense
Here we are elaborating the tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
airixss
Finding XSS during recon
burp-bounty-profiles
Burp Bounty profiles compilation, feel free to contribute!
HandleKatz
PIC lsass dumper using cloned handles
magisk-frida
You are probably looking for: https://github.com/ViRb3/magisk-frida
Pentest-Tools
REW-sploit
Emulate and Dissect MSF and *other* attacks
Scrummage
The Ultimate OSINT and Threat Hunting Framework
joel-correa's Repositories
joel-correa/magisk-frida
You are probably looking for: https://github.com/ViRb3/magisk-frida
joel-correa/burp-bounty-profiles
Burp Bounty profiles compilation, feel free to contribute!
joel-correa/HandleKatz
PIC lsass dumper using cloned handles
joel-correa/REW-sploit
Emulate and Dissect MSF and *other* attacks
joel-correa/Active-Directory-Kill-Chain-Attack-Defense
Here we are elaborating the tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
joel-correa/awesome-arm-exploitation
A collection of awesome videos, articles, books and resources about ARM exploitation.
joel-correa/Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
joel-correa/Awesome-Cloud-PenTest
joel-correa/Beaconator
A beacon generator using Cobalt Strike and a variety of tools.
joel-correa/CyberRange
The Open-Source AWS Cyber Range
joel-correa/electerm
📻Terminal/ssh/sftp client(linux, mac, win)
joel-correa/Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
joel-correa/GitTools
A repository with 3 tools for pwn'ing websites with .git repositories available
joel-correa/Invoke-SharpLoader
joel-correa/ios_15_rce
Remote Code Execution V1 For iOS 15 sent through airdrop after the device was connected to a trusted host
joel-correa/KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
joel-correa/kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
joel-correa/luda
Malicious actors often reuse code to deploy their malware, phishing website or CNC server. As a result, similiaries can be found on URLs path by inspecting internet traffic. Moreover, deep learning models or even regular ML model do not fit for inline deployment in terms of running performance. However, regexes ( or YARA rules ) can be deployed on a proxy and work in real time on all the traffic. LUDA can take a set of malicious and benign URLs and return a list of regexes ready to be deployed inline !
joel-correa/Magic-CheckList-for-Web-Applications
Web Security Checklist (Bug Bounty & Pentesting)
joel-correa/objection
📱 objection - runtime mobile exploration
joel-correa/Penetration-Testing-Tools
A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
joel-correa/PowerSharpPack
joel-correa/privilege-escalation-awesome-scripts-suite
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
joel-correa/PSSW100AVB
A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
joel-correa/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
joel-correa/SharpImpersonation
A User Impersonation tool - via Token or Shellcode injection
joel-correa/SharpNamedPipePTH
Pass the Hash to a named pipe for token Impersonation
joel-correa/sleep_python_bridge
This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client. NOTE: This project is very much in BETA. The goal is to provide a playground for testing and is in no way an officially support feature. Perhaps this could be something added in the future to the core product.
joel-correa/sql-injection-payload-list
🎯 SQL Injection Payload List
joel-correa/tomcatWarDeployer
Apache Tomcat auto WAR deployment & pwning penetration testing tool.