Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
https://github.com/sec-consult/msiscan?tab=readme-ov-file

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques used by adversaries.
https://github.com/Offensive-Panda/ProcessInjectionTechniques

Proof of Concept to leverage Windows App to create an LSASS dump
https://github.com/rweijnen/createdump

LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It supports XOR encryption and remote file transmission.
https://github.com/safedv/RustiveDump

This krbrelay version acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP.
It's 90% based on @cube0x0's KrbRelay: https://github.com/cube0x0/KrbRelay

https://github.com/decoder-it/KrbRelay-SMBServer/tree/master

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process
https://github.com/Offensive-Panda/LsassReflectDumping

CVE-2024-30090 - LPE PoC
https://github.com/Dor00tkit/CVE-2024-30090

USB Army Knife – the ultimate close access tool for penetration testers and red teamers.
https://github.com/i-am-shodan/USBArmyKnife

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.

https://github.com/Offensive-Panda/ShadowDumper

Complete list of LPE exploits for Windows (starting from 2023)
https://github.com/MzHmO/Exploit-Street

fortimanager rce cve-2024-47575
https://github.com/rapid7/metasploit-framework/pull/19648

TokenCert is a C# tool that will create a network token (LogonType 9) using a provided certificate via PKINIT. This way, we can have a make-token functionality using certificates instead of passwords. The tool was created after reading the excellent post "Understanding and evading Microsoft Defender for Identity PKINIT detection".
https://github.com/nettitude/TokenCert

CVE-2024-48990: Linux LPE via needrestart

PATCHED: Nov 19, 2024

PoC: https://github.com/makuga01/CVE-2024-48990-PoC

Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

A #Mythic Agent written in fully position independent (#PIC) C (plus a tiny bit of C++). It is based off the Stardust template created by C5pider.
https://github.com/MythicAgents/Hannibal
Articles:
• https://silentwarble.com/posts/making-monsters-1/
• https://silentwarble.com/posts/making-monsters-2/
• https://silentwarble.com/posts/making-monsters-3/

shellcode loader :
https://github.com/NtDallas/Ulfberht

https://github.com/xuanxuan0/DripLoader

ShadowHound: A SharpHound Alternative Using Native PowerShell
https://github.com/Friends-Security/ShadowHound
blog:
https://blog.fndsec.net/2024/11/25/shadowhound/

KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB shares or HTTP ADCS (Active Directory Certificate Services) endpoints on behalf of the targeted identity.
https://github.com/decoder-it/KrbRelayEx

play with amsi
https://github.com/ASP4RUX/Invoke-AMSI

Test & upgrade your Linux security with:
- 31 persistence modules & 50+ techniques
- Easily revert changes post-testing
- Map to MITRE ATT&CK
- 10+ fresh additions: LD_PRELOAD, PAM backdoors, rootkits, and more!

https://github.com/Aegrah/PANIX

kapersky open-sourced GReAT’s plugin for the IDA Pro decompiler - an indispensable set of tools for analyzing malware, shellcodes, etc. Grab our secret ingredient for reverse engineering and check out the GIFs demonstrating its usage
https://github.com/KasperskyLab/hrtng

Boot Execute allows native applications—executables with the NtProcessStartup entry point and dependencies solely on ntdll.dll—to run prior to the complete initialization of the Windows operating system.
https://github.com/rad9800/BootExecuteEDR