RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
https://github.com/DarkSpaceSecurity/RunAs-Stealer

sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment
https://github.com/BlackSnufkin/LitterBox

KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.
Listens for authenticated ISystemActivator requests and extracts the AP-REQ tickets
Extracts dynamic port bindings from EPMAPPER/OXID resolutions
Relay the AP-REQ to access SMB shares or HTTP ADCS (Active Directory Certificate Services) on behalf of the victim
Forwards the victim's requests dynamically and transparently to the real destination RPC/DCOM application so the victim is unaware that their requests are being intercepted and relayed

https://github.com/decoder-it/KrbRelayEx-RPC

CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
https://cti.monster/blog/2025/03/18/CVE-2025-24071.html
https://github.com/0x6rss/CVE-2025-24071_PoC

Apache Tomcat (CVE-2025-24813)
https://github.com/iSee857/CVE-2025-24813-PoC/tree/main

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
https://github.com/tclahr/uac

another poc lnk generator
https://gist.github.com/nafiez/1236cc4c808a489e60e2927e0407c8d1

Experience the next level of tunneling with the new Ligolo-ng GUI version, designed to make your operations more seamless and efficient:

✅ Automatic TUN Management – Streamline tunnel setup without manual configuration.
✅ Unlimited Concurrent Relays – Handle multiple relays simultaneously without limitations.
✅ SOCKS and HTTP Proxy Support – Flexible proxying options to adapt to various network conditions.
✅ Loopback Routing to Target Machine – Directly route to the target's loopback without needing port forwarding.
✅ Independent Listeners as Redirectors – Create separate, adaptable listeners for greater control.
✅ Dynamic mTLS-Enabled Agent Generation – Generate obfuscated agent binaries on the fly with mTLS support.
✅ Simplified Certificate Management – Easy-to-manage certificates for secure communication.
✅ Intuitive Terminal-Based GUI – Clean and user-friendly interface for better command and control.
https://github.com/ttpreport/ligolo-mp

ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
https://github.com/LaurieWired/GhidraMCP

IDA Pro MCP
https://github.com/mrexodia/ida-pro-mcp
sample crackme:
https://github.com/NoraCodes/crackmes

IngressNightmare-POCs
https://github.com/sandumjacob/IngressNightmare-POCs

Burpsuite MCP
https://portswigger.net/bappstore/9952290f04ed4f628e624d0aa9dccebc

Loki C2
https://github.com/boku7/Loki

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS.
https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions#1
https://github.com/xforcered/RemoteMonologue

Impersonate Tokens using only NTAPI functions
https://github.com/ricardojoserf/NativeTokenImpersonate

A new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings for purple team.
https://github.com/MythicAgents/VECTR

BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
https://github.com/MorDavid/BloodHound-MCP-AI

Exploitation module for CVE-2025-32433 (Erlang/OTP)
https://github.com/exa-offsec/ssh_erlangotp_rce

CVE-2025-21204 exploit simulation for non-admin users via junction-based path hijack.
https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204/
https://raw.githubusercontent.com/eshlomo1/CloudSec/refs/heads/main/Attacking%20the%20Cloud/CVE-2025-21204/Exploit-CVE2025-UpdateStackLPE-NonAdmin.ps1