godap: A complete TUI for LDAP written in Golang
https://github.com/Macmod/godap

CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS
https://github.com/skysafe/reblog/tree/main/cve-2023-45866

Unhooking EDR by remapping ntdll.dll
https://bobvanderstaak.medium.com/unhooking-edr-by-remapping-ntdll-dll-101a99887dfe

Elevating Privileges with SeBackupPrivilege on Windows
https://infosecwriteups.com/elevating-privileges-with-sebackupprivilege-on-windows-107bd34befa2

Unicode XSS via Combining Characters
https://gist.github.com/paj28/86c7b8f37371d89c9a36ed0280fcf450

Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari
https://www.intruder.io/research/split-second-dns-rebinding-in-chrome-and-safari

RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall
https://blog.nviso.eu/2023/12/08/rpc-or-not-here-we-log-preventing-exploitation-and-abuse-with-rpc-firewall

The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
https://github.com/SafeBreach-Labs/PoolParty

Pentesting with Secure LDAP and LDAP Channel Binding
https://rootsecdev.medium.com/pentesting-with-secure-ldap-and-ldap-channel-binding-fd5baa0f7345

Apt style exploitation of Chrome 0day CVE-2023-4357
https://github.com/OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation

Simple Shellcode Runner in Rust Language
https://github.com/CyberSecurityUP/shellcode-runner-rust

Defender Exclusions Creator BOF
https://github.com/EspressoCake/Defender-Exclusions-Creator-BOF

Cookie Monster BOF: Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handle(s) and then filelessly download the target
https://github.com/KingOfTheNOPs/cookie-monster

Black Hat Europe 2023 slides
https://github.com/onhexgroup/Conferences/tree/main/Black%20Hat%20Europe%202023%20slides

Useful resources for iOS hacking
https://github.com/Siguza/ios-resources

Proof of Concept (PoC) of 5G NR Attacks against commercial smartphones, CPE routers, USB Modems, etc
https://github.com/asset-group/5ghoul-5g-nr-attacks

New payload to exploit Error-based SQL injection - Oracle database
https://www.mannulinux.org/2023/12/New-payload-to-exploit-Error-based-SQL-injection-Oracle-database.html

myph: AV/EDR bypass payload creation tool
https://github.com/matro7sh/myph

htb-authority: Exploiting authority from @hackthebox_eu involves cracking Ansible vault, messing with PWM, and two really neat twists on the ESC1 ADCS attack, where I'll generate and use a fake computer, and use Pass-The-Cert
https://0xdf.gitlab.io/2023/12/09/htb-authority

Hunting Volt Typhoon TTPs
https://montysecurity.medium.com/hunting-volt-typhoon-ttps-00329f3daae2

Try Hack me — Advent Of Cyber 2023 Day 9 Write Up — She sells C# shells by the C2shore
https://infosecwriteups.com/try-hack-me-advent-of-cyber-2023-day-8-write-up-she-sells-c-shells-by-the-c2shore-080ba26f4011