rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump
https://github.com/0vercl0k/rp-bf.rs
havoc-bloodhound: A GUI wrapper inside of Havoc to interact with bloodhound CE
https://github.com/p4p1/havoc-bloodhound
Stinger: CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator
https://github.com/hackerhouse-opensource/Stinger
Collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, Kerberos ticket analysis, SMB enumeration, and exploitation of known vulnerabilities like Zerologon and PetitPotam
https://github.com/emrekybs/AD-AssessmentKit
SharpGhostTask: A C# port of Invoke-GhostTask
https://github.com/dmcxblue/SharpGhostTask
Checkmate: payload execution via a fake Windows SmartScreen prompt; requires Administrator privileges and turns off the real SmartScreen Filter
https://github.com/S3N4T0R-0X0/Checkmate
SSH-Snake: a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery
https://github.com/MegaManSec/SSH-Snake
SSHniffer: A post-compromise agent to be deployed on rooted Linux machines, designed to quietly listen for SSH connections. When a domain user/service connects to the Linux device with a password, the agent logs the sshd process data using strace
https://github.com/JitBox/SSHniffer
MobSF Remote code execution (via CVE-2024-21633)
https://github.com/0x33c0unt/CVE-2024-21633
Exploiting n-day in Home Security Camera
https://0xbigshaq.github.io/2024/01/05/tp-link-tapo-c100
(Im)perfectProject(or) - Hacking a small WiFi connected projector for fun and to learn hard lessons
https://axelp.io/ImperfectProjector
How I Prevented a Mass Data Breach - $15,000 bounty
https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d
Ghost in the Web Shell: Introducing ShellSweep
https://www.splunk.com/en_us/blog/security/ghost-in-the-web-shell-introducing-shellsweep
APT28: From Initial Damage to Domain Controller Threats in an Hour (CERT-UA#8399)
https://medium.com/cyberscribers-exploring-cybersecurity/apt28-from-initial-damage-to-domain-controller-threats-in-an-hour-cert-ua-8399-1944dd6edcdf
A collection of malware families and malware samples which use the Rust programming language
https://github.com/cxiao/rust-malware-gallery
Payload-Generator: An aggressor script that can help automate payload building in Cobalt Strike
https://github.com/Workingdaturah/Payload-Generator
Moriarty combines the capabilities of Watson and Sherlock, adding enhanced scanning for newer vulnerabilities and integrating additional checks
https://github.com/BC-SECURITY/Moriarty
Hide Your CobaltStrike with CloudFlared Tunnel and Microsoft 100 Traffic%
https://github.com/EvilGreys/Hide-CobaltStrike
Roles allowing to abuse Entra ID federation for persistence and privilege escalation
https://medium.com/tenable-techblog/roles-allowing-to-abuse-entra-id-federation-for-persistence-and-privilege-escalation-df9ca6e58360