Process injection alternative
https://github.com/CICADA8-Research/IHxExec
https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d

EDR TELEMETRY BLOCKING VIA PERSON-IN-THE-MIDDLE ATTACKS
https://tierzerosecurity.co.nz/2024/07/23/edr-telemetry-blocker.html

Leak of any user's NetNTLM hash
https://github.com/MzHmO/LeakedWallpaper

The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.
https://github.com/keywa7/keywa7

A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
https://github.com/SafeBreach-Labs/WindowsDowndate

Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
https://github.com/sec-consult/msiscan?tab=readme-ov-file

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques used by adversaries.
https://github.com/Offensive-Panda/ProcessInjectionTechniques

Proof of Concept to leverage Windows App to create an LSASS dump
https://github.com/rweijnen/createdump

LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It supports XOR encryption and remote file transmission.
https://github.com/safedv/RustiveDump

This krbrelay version acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP.
It's 90% based on @cube0x0's KrbRelay: https://github.com/cube0x0/KrbRelay

https://github.com/decoder-it/KrbRelay-SMBServer/tree/master

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process
https://github.com/Offensive-Panda/LsassReflectDumping

CVE-2024-30090 - LPE PoC
https://github.com/Dor00tkit/CVE-2024-30090

USB Army Knife – the ultimate close access tool for penetration testers and red teamers.
https://github.com/i-am-shodan/USBArmyKnife

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.

https://github.com/Offensive-Panda/ShadowDumper

Complete list of LPE exploits for Windows (starting from 2023)
https://github.com/MzHmO/Exploit-Street

fortimanager rce cve-2024-47575
https://github.com/rapid7/metasploit-framework/pull/19648

TokenCert is a C# tool that will create a network token (LogonType 9) using a provided certificate via PKINIT. This way, we can have a make-token functionality using certificates instead of passwords. The tool was created after reading the excellent post "Understanding and evading Microsoft Defender for Identity PKINIT detection".
https://github.com/nettitude/TokenCert