/\_/\ ________________________________
____/ o o \ __ / u using that meth thing again? \
/~____ =ΓΈ= / \ _______________________________/
(______)__m_m)
_____________________________ )\._.,--....,'``.
/it's called "METHODO" STEVE! \ __ /, _.. \ _\ (`._ ,.
\_____________________________/ `._.-(,_..'--(,_..'`-.;.'
The purpose of Methodo is to serve as a visual aid and supplement for CTFs, exams and real-world engagements. It can be thought of as a "graphical cheat-sheet".
The graphs were almost entirely curated for the OSCP, however the contents can be used for many scenarios. Since it was primarily created for the OSCP though, it currently does not cover commands for topics such as AV/EDR evasion, Persistence and some others.
The graphs can be used to navigate a variety of recon, enum and exploit techniques easily and quickly! It also offers the option to directly copy commands, which makes it a breeze during... well.., Exams with crazy time constraints!
As stated, this is to be used as a visual aid and supplement. It assumes the user has a base knowledge of the various techniques covered, therefore it does not provide much detail in terms of the theory.
Custom built tools, scripts and text files referenced, can be found on my Github page here: https://github.com/aslam4dm/methodo
You can use the Methodo Github repo, to search for tools, and scripts that you're unfamiliar with. If it does not appear in the Github repo, then it should be a quick google search away.
Generally, boxes outlined in purple contain information that serve as Tips and Reminders - these are particularly useful for the OSCP.
If there are multiple commands listed for a specific task, and one (or more) of the commands is in a box that has a green outline, this is generally considered to be a (personal) preferred approach. That is not to say that the other commands are invalid.
ctfgen is a tool referred to in 1-start (under setup and initiation). This tool enables you to establish your targets as environment variables. The great thing about this is that with most commands listed, you can simply copy/paste out of the box, without having to constantly specify or modify the target IP addresses. Check the tool out here π https://github.com/aslam4dm/Methodo/tree/main/ctfgen
When using Methodo, you will need to use your knowledge, experience and intuition. If you're performing a test on a Production environment, with designs to evade EDR.. well.. then.., you probably wouldn't want to download win.zip. In short - be wise!
If you know anyone who might benefit from the contents of this project, I'd greatly appreciate if you could share it with them π
For any suggestions, updates or collaborations on this project, you can reach out to me on twitter:
π https://x.com/aslam4dm
Thanks for checking out this project out! If you've found this helpful, and would like to support me, or just say thanks - feel free to buy me a coffeeβ β it means a lot and helps keep the maintenance going.
@alsam4dm