Pinned Repositories
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
ADAPE-Script
Active Directory Assessment and Privilege Escalation Script
ADCSPwn
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
ADFSDump
ADSecrets
Set of ultra technical notes about AD
AdvancedWebHackingWorkshop
Examples for Advanced Web Hacking Workshop
Antivirus-Artifacts
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
Meditology's Repositories
Meditology/TREVORspray
A featureful round-robin SOCKS proxy and Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API
Meditology/Go365
An Office365 User Attack Tool
Meditology/dirsearch
Web path scanner
Meditology/msf-autoshell
Feed the tool a .nessus file and it will automatically get you MSF shell
Meditology/BetterSafetyKatz
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
Meditology/PowerMeta
PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
Meditology/tomcatWarDeployer
Apache Tomcat auto WAR deployment & pwning penetration testing tool.
Meditology/Omnispray
Modular Enumeration and Password Spraying Framework
Meditology/RedRabbit
Red Team PowerShell Script
Meditology/DPAT
Domain Password Audit Tool for Pentesters
Meditology/unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Meditology/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
Meditology/BadOutlook
(kinda) Malicious Outlook Reader
Meditology/OffensiveCSharp
Collection of Offensive C# Tooling
Meditology/egressbuster
Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.
Meditology/WPForce
Wordpress Attack Suite
Meditology/SharpLAPS
Retrieve LAPS password from the LDAP
Meditology/GreatSCT
The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.
Meditology/SharpSMBSpray
Spray a hash via smb to check for local administrator access
Meditology/PANhunt
PANhunt searches for credit card numbers (PANs) in directories.
Meditology/DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Meditology/TokenPlayer
Manipulating and Abusing Windows Access Tokens.
Meditology/Antivirus-Artifacts
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
Meditology/Infosec_Reference
An Information Security Reference That Doesn't Suck
Meditology/LAPSDumper
https://www.n00py.io/2020/12/dumping-laps-passwords-from-linux/
Meditology/pyoneer
Data discovery tool written in python.
Meditology/SharpMapExec
Meditology/Bloodhound-Custom-Queries
Custom Query list for the Bloodhound GUI based off my cheatsheet
Meditology/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Meditology/CVE-2020-1472
Test tool for CVE-2020-1472