Discover @G0ldenGunSec Open Source projects

@G0ldenGunSec

G0ldenGunSec

Stars
1,059
Global Rank 28,783 (Top 1.0 %)
Followers 218
Registered over 7 years ago
Most used languages

C#
40.0 %

Python
30.0 %

PowerShell
20.0 %

C
10.0 %

SharpSecDump

.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py

SharpTransactedLoad

Load .net assemblies from memory while having them appear to be loaded from an on-disk location.

PowerPriv

A Powershell implementation of PrivExchange designed to run under the current user's context

GetWebDAVStatus

Determine if the WebClient Service (WebDAV) is running on a remote system

wmiServSessEnum

.net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems

DayBird

Extension functionality for the NightHawk operator client

backdoorLnkMacroStagerObfuscated

Obfuscated Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Backdoors are self-cleaning on execution.

PreliminaryBackdoorLnkMacroStager

Original testing version of the backdoorLnkMacroStager - please reference backdoorLnkMacroStagerObfuscated or backdoorLnkMacroStagerCellEmbed for current versions

backdoorLnkMacroStagerCellEmbed

Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Data is embedded in .xls cells and called in the macro to evade detection. Backdoors are self-cleaning on execution.

Service-Executable-Permissions-Checker

StandIn

StandIn is a small .NET35/45 AD post-exploitation toolkit