Pinned Repositories
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
ADAPE-Script
Active Directory Assessment and Privilege Escalation Script
ADCSPwn
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
ADFSDump
ADSecrets
Set of ultra technical notes about AD
AdvancedWebHackingWorkshop
Examples for Advanced Web Hacking Workshop
Antivirus-Artifacts
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
Meditology's Repositories
Meditology/OSINT_Collection
Maintained collection of OSINT related resources. (All Free & Actionable)
Meditology/dark-web-osint-tools
OSINT Tools for the Dark Web
Meditology/PPN
Pentester's Promiscuous Notebook
Meditology/cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Meditology/Awesome-Azure-Pentest
A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.
Meditology/Mandiant-Azure-AD-Investigator
Meditology/SecretFinder
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
Meditology/caldera
Scalable Automated Adversary Emulation Platform
Meditology/monkey
Infection Monkey - An automated pentest tool
Meditology/PoC-Exploits
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
Meditology/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Meditology/wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Meditology/cloud-security-remediation-guides
Security Remediation Guides
Meditology/Rubeus
Trying to tame the three-headed dog.
Meditology/WeaponizeKali.sh
Automate installation of extra pentest tools on Kali Linux
Meditology/AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
Meditology/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
Meditology/evil-winrm
The ultimate WinRM shell for hacking/pentesting
Meditology/ADFSDump
Meditology/PSPKIAudit
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
Meditology/tools
Meditology/o365spray
Username enumeration and password spraying tool aimed at Microsoft O365.
Meditology/Penetration-Testing-Tools
A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Meditology/LaZagne
Credentials recovery project
Meditology/PrivescCheck
Privilege Escalation Enumeration Script for Windows
Meditology/PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Meditology/Pentest-Tools
Meditology/Microsoft365_devicePhish
A proof-of-concept script to conduct a phishing attack abusing Microsoft 365 OAuth Authorization Flow
Meditology/Inveigh
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
Meditology/BloodHound
Six Degrees of Domain Admin