CVE-2024-27397

https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-27397_mitigation/docs/exploit.md

Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) exploit
https://github.com/synacktiv/CVE-2024-43468

A new reverse shell called ReverseShell_2025_01.ps1 has been added to the repository. As of January 28, 2025, no antivirus vendors have flagged this file as malicious.
https://github.com/tihanyin/PSSW100AVB/blob/main/ReverseShell_2025_01.ps1

Proof of concept WMI virus. Does what it looks like it does. Virus isn't stored on the filsystem (in any way an AV would detect), but within the WMI. Contains PoC code for extracting it from the WMI- which can also be achieved at boot from within the WMI itself using powershell. So, self-extracting WMI virus that never touches the disk.
https://github.com/pulpocaminante/Stuxnet

https://github.com/RedTeamPentesting/pretender
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing

Tired of using ts::multirdp, because Mimikatz is a nogo nowadays and get's flagged anyway most of the time? 🧐

Well, here is a standalone patching implementation with Win11 support:

Easy to port to a BOF/Coff🤠🔥
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b

https://x.com/ShitSecure/status/1887519686251676034

DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work!
https://github.com/splunk/DECEIVE

Reaping treasures from strings in remote processes memory

https://github.com/boku7/StringReaper

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
https://github.com/Sh3lldon/FullBypass

A PowerShell console in C/C++ with all the security features disabled
https://github.com/scrt/PowerChell

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.
https://github.com/Offensive-Panda/ShadowDumper

RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
https://github.com/DarkSpaceSecurity/RunAs-Stealer

sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment
https://github.com/BlackSnufkin/LitterBox

KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.
Listens for authenticated ISystemActivator requests and extracts the AP-REQ tickets
Extracts dynamic port bindings from EPMAPPER/OXID resolutions
Relay the AP-REQ to access SMB shares or HTTP ADCS (Active Directory Certificate Services) on behalf of the victim
Forwards the victim's requests dynamically and transparently to the real destination RPC/DCOM application so the victim is unaware that their requests are being intercepted and relayed

https://github.com/decoder-it/KrbRelayEx-RPC

CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
https://cti.monster/blog/2025/03/18/CVE-2025-24071.html
https://github.com/0x6rss/CVE-2025-24071_PoC

Apache Tomcat (CVE-2025-24813)
https://github.com/iSee857/CVE-2025-24813-PoC/tree/main