Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing access to sensitive data in LSASS memory.
https://github.com/Offensive-Panda/ShadowDumper
RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
https://github.com/DarkSpaceSecurity/RunAs-Stealer
A sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment.
https://github.com/BlackSnufkin/LitterBox
KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.
Listens for authenticated ISystemActivator requests and extracts the AP-REQ tickets
Extracts dynamic port bindings from EPMAPPER/OXID resolutions
Relays the AP-REQ to access SMB shares or HTTP ADCS (Active Directory Certificate Services) on behalf of the victim
Forwards the victim's requests dynamically and transparently to the real destination RPC/DCOM application so the victim is unaware that their requests are being intercepted and relayed
https://github.com/decoder-it/KrbRelayEx-RPC
CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
https://cti.monster/blog/2025/03/18/CVE-2025-24071.html
https://github.com/0x6rss/CVE-2025-24071_PoC
Apache Tomcat remote code execution vulnerability batch detection script (CVE-2025-24813)
https://github.com/iSee857/CVE-2025-24813-PoC/tree/main
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
https://github.com/tclahr/uac
Experience the next level of tunneling with the new Ligolo-ng GUI version, designed to make your operations more seamless and efficient:
✅ Automatic TUN Management – Streamline tunnel setup without manual configuration.
✅ Unlimited Concurrent Relays – Handle multiple relays simultaneously without limitations.
✅ SOCKS and HTTP Proxy Support – Flexible proxying options to adapt to various network conditions.
✅ Loopback Routing to Target Machine – Directly route to the target's loopback without needing port forwarding.
✅ Independent Listeners as Redirectors – Create separate, adaptable listeners for greater control.
✅ Dynamic mTLS-Enabled Agent Generation – Generate obfuscated agent binaries on the fly with mTLS support.
✅ Simplified Certificate Management – Easy-to-manage certificates for secure communication.
✅ Intuitive Terminal-Based GUI – Clean and user-friendly interface for better command and control.
https://github.com/ttpreport/ligolo-mp
ghidraMCP is a Model Context Protocol server that allows LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
https://github.com/LaurieWired/GhidraMCP
IDA Pro MCP: an AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
https://github.com/mrexodia/ida-pro-mcp
sample crackme:
https://github.com/NoraCodes/crackmes
Forwarded from SoheilSec (Soheil)
RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS.
https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions#1
https://github.com/xforcered/RemoteMonologue
Impersonate Tokens using only NTAPI functions
https://github.com/ricardojoserf/NativeTokenImpersonate
A new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings for purple team.
https://github.com/MythicAgents/VECTR
BloodHound-MCP-AI is an integration that connects BloodHound with AI through the Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
https://github.com/MorDavid/BloodHound-MCP-AI