Rémi GASCOU (Podalirius)
podalirius.bsky.social
Security Researcher & Speaker | Microsoft Security MVP | Developer of security tools | 🎬 http://youtube.com/c/Podalirius
Reposted by Rémi GASCOU (Podalirius)
gopengraph
A Go library to create BloodHound OpenGraphs easily
github.com/TheManticore... by @podalirius.bsky.social
GitHub - TheManticoreProject/gopengraph: A Go library to create BloodHound OpenGraphs easily
November 6, 2025 at 7:01 AM
Reposted by Rémi GASCOU (Podalirius)
See your network shares the way attackers do. 👀

Meet ShareHound, an OpenGraph collector for BloodHound CE & Enterprise that reveals share-level attack paths at scale.
@podalirius.bsky.social unpacks all the details in our latest blog post. ghst.ly/4ogiBqt
ShareHound: An OpenGraph Collector for Network Shares - SpecterOps
ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise helping identify attack paths to network shares automatically.
October 30, 2025 at 5:34 PM
Reposted by Rémi GASCOU (Podalirius)
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4
July 24, 2025 at 3:31 PM
🔍 New tool in The Manticore Project: LDAPWordlistHarvester

This tool allows you to create precise wordlists for finding passwords of users in an Active Directory domain using its LDAP data.

➡️ github.com/TheManticore...
GitHub - TheManticoreProject/LDAPWordlistHarvester: A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.
July 2, 2025 at 7:09 AM
🚀 New pentest tool drop: FindGPPPasswords 🚀

A cross-platform tool to find & decrypt Group Policy Preferences passwords from SYSVOL with low-privileged domain accounts!

🔗 Check it out on GitHub: github.com/p0dalirius/F...
GitHub - p0dalirius/FindGPPPasswords: FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
February 26, 2025 at 11:44 AM
🚀 New Tool Release: DescribeNTSecurityDescriptor 🚀

Analyzing Windows NT Security Descriptors can be a headache. I built DescribeNTSecurityDescriptor, a cross-platform tool to decode, parse & visualize them easily!

🔗 GitHub: github.com/p0dalirius/DescribeNTSecurityDescriptor
Sponsor @p0dalirius on GitHub Sponsors
Support Podalirius's open source work in cybersecurity. He is regularly publishing open source security tools to test for vulnerabilities on many environments, as well as wikis and defense techniques.
February 10, 2025 at 4:06 PM
Reposted by Rémi GASCOU (Podalirius)
Few BloodHound Python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own PyPI package and command. You can have both on the same system with pipx. github.com/dirkjanm/Blo...
GitHub - dirkjanm/BloodHound.py: A Python based ingestor for BloodHound
January 2, 2025 at 4:41 PM
Reposted by Rémi GASCOU (Podalirius)
New module on #NetExec : wam
Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀

Thanks @xpnsec.com for the technique! More info on his blog : blog.xpnsec.com/wam-bam/
December 18, 2024 at 4:26 PM
Reposted by Rémi GASCOU (Podalirius)
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win & Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
November 25, 2024 at 5:31 PM
Reposted by Rémi GASCOU (Podalirius)
How does the new iOS inactivity reboot work? What does it protect from?

I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.

naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
November 17, 2024 at 9:42 PM
Reposted by Rémi GASCOU (Podalirius)
My current offline Web reading setup works quite well 😎
And I'll explain below how it works 🛠️🧵⬇️
October 30, 2024 at 6:15 PM
Reposted by Rémi GASCOU (Podalirius)
LDAPmonitor by @podalirius.bsky.social - Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

github.com/p0dalirius/L...

#infosec #pentest #redteam
May 14, 2024 at 6:36 PM
Reposted by Rémi GASCOU (Podalirius)
Crashing Windows CHM Parser in Seconds Using WinAFL!
Article Highlight #1 - check it out in Paged Out #3 page 53
pagedout.institute/download/Pag...
April 15, 2024 at 9:59 AM
Reposted by Rémi GASCOU (Podalirius)
Issue #3 is here after a long wait, new and shiny. You can download it here pagedout.institute?page=issues..... Tell us what you think.
December 18, 2023 at 9:18 AM
In my latest article, discover the depth of the msDS-KeyCredentialLink attribute used in ShadowCredentials attacks and how to parse it. Plus, discover a Python library, pydsinternals, that simplifies the parsing process.

Check it out ⤵️

podalirius.net/en/articles/...
Parsing the msDS-KeyCredentialLink value for ShadowCredentials attack
In-depth explanation of the msDS-KeyCredentialLink attribute used in a shadow credentials attack, and how to parse it.
November 8, 2023 at 9:47 AM
You are doing your pentest engagements from a Windows machine? #LDAPWordlistHarvester is now available in PowerShell!

➡️ github.com/p0dalirius/L...

Happy password cracking!
September 27, 2023 at 1:37 PM
Today I'm releasing #LDAPWordlistHarvester, a new tool to generate a wordlist based on the LDAP, in order to crack passwords of domain accounts. 🥳

➡️ github.com/p0dalirius/L...

The generated wordlist cracked way more passwords than rockyou2021 on my latest client.
September 26, 2023 at 3:30 PM
Today I'm releasing the PowerShell version of #ExtractBitlockerKeys, aimed at system administrators.

You can back up your BitLocker recovery keys in CSV or JSON.

➡️ github.com/p0dalirius/E...
September 21, 2023 at 3:04 PM
I wrote a new tool to extract all the BitLocker recovery keys of computers enrolled in a Windows domain!

This is really useful in post-exploitation or system administration (to back up keys for example). Export in XLSX, SQLITE, JSON

github.com/p0dalirius/E...

Here is an example:
September 21, 2023 at 1:39 PM