Peneter Tools – Telegram
Proof-of-concept WMI virus. Does what it looks like it does. The virus isn't stored on the filesystem (in any way an AV would detect), but within WMI. Contains PoC code for extracting it from WMI, which can also be achieved at boot from within WMI itself using PowerShell. So, a self-extracting WMI virus that never touches the disk.
https://github.com/pulpocaminante/Stuxnet
Tired of using ts::multirdp, because Mimikatz is a no-go nowadays and gets flagged anyway most of the time? 🧐

Well, here is a standalone patching implementation with Win11 support:

Easy to port to a BOF/COFF 🤠🔥
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b

https://x.com/ShitSecure/status/1887519686251676034
Reaping treasures from strings in remote processes' memory

https://github.com/boku7/StringReaper
KrbRelayEx-RPC is a tool similar to my KrbRelayEx, designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.
Listens for authenticated ISystemActivator requests and extracts the AP-REQ tickets
Extracts dynamic port bindings from EPMAPPER/OXID resolutions
Relays the AP-REQ to access SMB shares or HTTP ADCS (Active Directory Certificate Services) on behalf of the victim
Forwards the victim's requests dynamically and transparently to the real destination RPC/DCOM application, so the victim is unaware that their requests are being intercepted and relayed

https://github.com/decoder-it/KrbRelayEx-RPC
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
https://github.com/tclahr/uac
Experience the next level of tunneling with the new Ligolo-ng GUI version, designed to make your operations more seamless and efficient:

Automatic TUN Management – Streamline tunnel setup without manual configuration.
Unlimited Concurrent Relays – Handle multiple relays simultaneously without limitations.
SOCKS and HTTP Proxy Support – Flexible proxying options to adapt to various network conditions.
Loopback Routing to Target Machine – Directly route to the target's loopback without needing port forwarding.
Independent Listeners as Redirectors – Create separate, adaptable listeners for greater control.
Dynamic mTLS-Enabled Agent Generation – Generate obfuscated agent binaries on the fly with mTLS support.
Simplified Certificate Management – Easy-to-manage certificates for secure communication.
Intuitive Terminal-Based GUI – Clean and user-friendly interface for better command and control.
https://github.com/ttpreport/ligolo-mp
ghidraMCP is a Model Context Protocol (MCP) server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
https://github.com/LaurieWired/GhidraMCP