Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
https://github.com/Semperis/GoldenDMSA
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/

CVE-2025-53770 exploit
https://github.com/soltanali0/CVE-2025-53770-Exploit

PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph
https://github.com/SpecterOps/MSSQLHound

TAP SSH VPN - this will allow you to VPN your machine into the remote TAP device through a reverse SSH tunnel.

https://github.com/trustedsec/tap/blob/master/noscripts/ssh-tunnel.sh

Your template-based BloodHound terminal companion tool
https://github.com/fin3ss3g0d/cypherhound

Weaponize DLL hijacking easily. Backdoor any function in any DLL
https://github.com/Print3M/DllShimmer

you can call something like NtAllocateVirtualMemoryEx without ever touching ntdll!

https://github.com/whokilleddb/function-collections/blob/main/winapi_alternatives/NtAllocateMemoryEx/main.c

https://github.com/whokilleddb/hoontr

Group Policy Objects manipulation and exploitation framework
https://github.com/synacktiv/GroupPolicyBackdoor

Named in homage to pwndrop, pwnlift is a simple dotnet server application for uploading files from a desktop without the use of a C2. Useful if you have a console access to a machine and need to take files offline for analysis (such as Code Integrity Policy files).
https://github.com/rasta-mouse/pwnlift

Comprehensive Windows Syscall Extraction & Analysis Framework
https://github.com/xaitax/NTSleuth

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130)

https://github.com/BitsByWill/ksmbd-n-day

EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
https://github.com/TwoSevenOneT/EDR-Freeze