Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG

https://connormcgarr.github.io/hvci/

Java deserialization tricks

https://www.synacktiv.com/publications/java-deserialization-tricks

Grok open release
https://github.com/xai-org/grok-1

UAC Bypass
https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e

Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation. (CVE-2023-36424)

https://github.com/Nassim-Asrir/CVE-2023-36424

VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) source code + video walkthrough

https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html

A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit it off-loading the reverse-engineered toolgate protocol implementation to a Python module, while keeping low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which is missed a lot in non-trivial exploit development.
ⓒ Alisa Shevchenko

Attacking AWS
https://rezaduty-1685945445294.hashnode.dev/attacking-aws

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
https://github.com/notselwyn/cve-2024-1086

A Practical Tutorial on PCIe for Total Beginners on Windows
https://ctf.re/windows/kernel/pcie/tutorial/2023/02/14/pcie-part-1/

PCIe Part 2 - All About Memory: MMIO, DMA, TLPs, and more!
https://ctf.re/kernel/pcie/tutorial/dma/mmio/tlp/2024/03/26/pcie-part-2/

CVE-2024-2432 Palo_Alto GlobalProtect EoP

https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP

GitHub - berylliumsec/neutron: AI Powered Terminal Based Ethical Hacking Assistant

https://github.com/berylliumsec/neutron

Everything I Know About the Xz Backdoor
https://boehs.org/node/everything-i-know-about-the-xz-backdoor

LPE exploit for CVE-2024-0582

https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582

LPE works on most Linux kernels from 5.14 to v6.6

https://github.com/Notselwyn/CVE-2024-1086

Pre-Pentest Checklist Part 1: Essential Questions to Answer Before Your Next Pentest

https://www.hackerone.com/penetration-testing/pre-pentest-checklist-part1

ExploitGSM
Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5
https://github.com/YuriiCrimson/ExploitGSM

APK downloader from few sources
https://github.com/kiber-io/apkd

CVE-2024-21338: Windows Admin-to-Kernel LPE

Windows 10 & 11

PoC: https://github.com/hakaioffsec/CVE-2024-21338

Blog: https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/

LSA Whisperer is a set of tools for interacting with authentication packages using their individual message protocols. Support is currently provided for the cloudap, kerberos, msv1_0, negotiate, pku2u, and schannel packages and cloudap's AzureAD plugin.
https://github.com/EvanMcBroom/lsa-whisperer

Windows Admin to Kernel (KSecDD driver)

https://github.com/floesen/KExecDD