This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process
https://github.com/Offensive-Panda/LsassReflectDumping

CVE-2024-30090 - LPE PoC
https://github.com/Dor00tkit/CVE-2024-30090

USB Army Knife – the ultimate close access tool for penetration testers and red teamers.
https://github.com/i-am-shodan/USBArmyKnife

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.

https://github.com/Offensive-Panda/ShadowDumper

Complete list of LPE exploits for Windows (starting from 2023)
https://github.com/MzHmO/Exploit-Street

fortimanager rce cve-2024-47575
https://github.com/rapid7/metasploit-framework/pull/19648

TokenCert is a C# tool that will create a network token (LogonType 9) using a provided certificate via PKINIT. This way, we can have a make-token functionality using certificates instead of passwords. The tool was created after reading the excellent post "Understanding and evading Microsoft Defender for Identity PKINIT detection".
https://github.com/nettitude/TokenCert

CVE-2024-48990: Linux LPE via needrestart

PATCHED: Nov 19, 2024

PoC: https://github.com/makuga01/CVE-2024-48990-PoC

Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

A #Mythic Agent written in fully position independent (#PIC) C (plus a tiny bit of C++). It is based off the Stardust template created by C5pider.
https://github.com/MythicAgents/Hannibal
Articles:
• https://silentwarble.com/posts/making-monsters-1/
• https://silentwarble.com/posts/making-monsters-2/
• https://silentwarble.com/posts/making-monsters-3/

shellcode loader :
https://github.com/NtDallas/Ulfberht

https://github.com/xuanxuan0/DripLoader

ShadowHound: A SharpHound Alternative Using Native PowerShell
https://github.com/Friends-Security/ShadowHound
blog:
https://blog.fndsec.net/2024/11/25/shadowhound/

KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB shares or HTTP ADCS (Active Directory Certificate Services) endpoints on behalf of the targeted identity.
https://github.com/decoder-it/KrbRelayEx

play with amsi
https://github.com/ASP4RUX/Invoke-AMSI

Test & upgrade your Linux security with:
- 31 persistence modules & 50+ techniques
- Easily revert changes post-testing
- Map to MITRE ATT&CK
- 10+ fresh additions: LD_PRELOAD, PAM backdoors, rootkits, and more!

https://github.com/Aegrah/PANIX

kapersky open-sourced GReAT’s plugin for the IDA Pro decompiler - an indispensable set of tools for analyzing malware, shellcodes, etc. Grab our secret ingredient for reverse engineering and check out the GIFs demonstrating its usage
https://github.com/KasperskyLab/hrtng

Boot Execute allows native applications—executables with the NtProcessStartup entry point and dependencies solely on ntdll.dll—to run prior to the complete initialization of the Windows operating system.
https://github.com/rad9800/BootExecuteEDR

ActiveScan++ Burp Suite Plugin
https://github.com/albinowax/ActiveScanPlusPlus

take ovet microsoft sccm
https://github.com/subat0mik/Misconfiguration-Manager/blob/main/attack-techniques/TAKEOVER/TAKEOVER-1/takeover-1_denoscription.md

An advanced lateral movement technique to upload and execute custom payloads on remote targets.

Blog: https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor

https://github.com/deepinstinct/DCOMUploadExec

PendingFileRenameOperations + Junctions EDR Disable

https://github.com/rad9800/FileRenameJunctionsEDRDisable

A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
https://github.com/safedv/RustSoliloquy