Rémi GASCOU (Podalirius)

@podalirius.bsky.social

Security Researcher & Speaker | Microsoft Security MVP | Developer of security tools | 🎬 http://youtube.com/c/Podalirius

274 Followers  |  44 Following  |  8 Posts  |  Joined: 14.09.2023  |  1.6279

Latest posts by podalirius.bsky.social on Bluesky

GitHub - TheManticoreProject/gopengraph: A Go library to create BloodHound OpenGraphs easily

gopengraph
A Go library to create BloodHound OpenGraphs easily
github.com/TheManticore... by @podalirius.bsky.social

06.11.2025 07:01 — 👍 1    🔁 1    💬 0    📌 0
ShareHound: An OpenGraph Collector for Network Shares - SpecterOps
ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise helping identify attack paths to network shares automatically.

See your network shares the way attackers do. 👀

Meet ShareHound, an OpenGraph collector for BloodHound CE & Enterprise that reveals share-level attack paths at scale.
@podalirius.bsky.social unpacks all the details in our latest blog post. ghst.ly/4ogiBqt

30.10.2025 17:34 — 👍 7    🔁 3    💬 0    📌 0

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4

24.07.2025 15:31 — 👍 22    🔁 13    💬 1    📌 0
GitHub - TheManticoreProject/LDAPWordlistHarvester: A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.

New tool in The Manticore Project: LDAPWordlistHarvester

This tool allows you to create precise wordlists for finding passwords of users in an Active Directory domain using its LDAP data.

➡️ github.com/TheManticore...

02.07.2025 07:09 — 👍 2    🔁 0    💬 0    📌 0
GitHub - p0dalirius/FindGPPPasswords: FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.

🚀 New pentest tool drop: FindGPPPasswords 🚀

A cross-platform tool to find & decrypt Group Policy Preferences passwords from SYSVOL with low-privileged domain accounts!

🔗 Check it out on GitHub: github.com/p0dalirius/F...

26.02.2025 11:44 — 👍 4    🔁 0    💬 0    📌 0
Sponsor @p0dalirius on GitHub Sponsors
Support Podalirius's open source work in cybersecurity. He is regularly publishing opensource security tools to test for vulnerabilities on many environments, as well as wikis and defense techniques.

🚀 New Tool Release: DescribeNTSecurityDescriptor 🚀

Analyzing Windows NT Security Descriptors can be a headache. I built DescribeNTSecurityDescriptor, a cross-platform tool to decode, parse & visualize them easily!

🔗 GitHub: github.com/p0dalirius/DescribeNTSecurityDescriptor

10.02.2025 16:06 — 👍 3    🔁 1    💬 0    📌 0
WorstFit: Unveiling Hidden Transformers in Windows ANSI!
📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help

OMG, Orange Tsai released his latest new research 🤯 💣

blog.orange.tw/posts/2025-0...

10.01.2025 06:04 — 👍 34    🔁 20    💬 3    📌 2
GitHub - dirkjanm/BloodHound.py: A Python based ingestor for BloodHound

Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx. github.com/dirkjanm/Blo...

02.01.2025 16:41 — 👍 29    🔁 14    💬 2    📌 0

New module on #NetExec : wam
Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀

Thanks @xpnsec.com for the technique! More info on his blog : blog.xpnsec.com/wam-bam/

18.12.2024 16:26 — 👍 21    🔁 12    💬 0    📌 0

I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win & Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...

25.11.2024 17:31 — 👍 63    🔁 43    💬 3    📌 0
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology

How does the new iOS inactivity reboot work? What does it protect from?

I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.

naehrdine.blogspot.com/2024/11/reve...

17.11.2024 21:42 — 👍 280    🔁 107    💬 12    📌 11

My current offline Web reading setup works quite well 😎
And I'll explain below how it works 🛠️🧵⬇️

30.10.2024 18:15 — 👍 3    🔁 3    💬 1    📌 0

LDAPmonitor by @podalirius.bsky.social - Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

github.com/p0dalirius/L...

#infosec #pentest #redteam

14.05.2024 18:36 — 👍 2    🔁 1    💬 0    📌 0
Check out this free of charge recipe of how to loot bugs in Windows CHM parser. Not for the buck, but for the fun. Because fuzzing is fun. Never did fuzzing before? Just follow the article.

Crashing Windows CHM Parser in Seconds Using WinAFL!
Article Highlight #1 - check it out in Paged Out #3 page 53
pagedout.institute/download/Pag...

15.04.2024 09:59 — 👍 1    🔁 1    💬 0    📌 0

Issue #3 is here after a long wait, new and shiny. You can download it here pagedout.institute?page=issues..... Tell us what you think.

18.12.2023 09:18 — 👍 2    🔁 3    💬 0    📌 0
Parsing the msDS-KeyCredentialLink value for ShadowCredentials attack
In-depth explanation of the msDS-KeyCredentialLink attribute used in a shadow credentials attack, and how to parse it.

In my latest article, discover the depth of the msDS-KeyCredentialLink attribute used in ShadowCredentials attacks and how to parse it. Plus, discover a Python library, pydsinternals, that simplifies the parsing process.

Check it out ⬇️

podalirius.net/en/articles/...

08.11.2023 09:47 — 👍 2    🔁 2    💬 0    📌 0

You are doing your pentest engagements from a Windows machine? #LDAPWordlistHarvester is now available in powershell!

➡️ github.com/p0dalirius/L...

Happy password cracking!

27.09.2023 13:37 — 👍 2    🔁 1    💬 0    📌 0

Today I'm releasing #LDAPWordlistHarvester, a new tool to generate a wordlist based on the LDAP, in order to crack passwords of domain accounts. 🥳

➡️ github.com/p0dalirius/L...

The generated wordlist cracked way more passwords than rockyou2021 on my latest client.

26.09.2023 15:30 — 👍 1    🔁 1    💬 1    📌 0

Today I'm releasing the powershell version of #ExtractBitlockerKeys, aimed at system administrators.

You can backup your BitLocker recovery keys in CSV or JSON.

➡️ github.com/p0dalirius/E...

21.09.2023 15:04 — 👍 4    🔁 0    💬 0    📌 0

I wrote a new tool to extract all the Bitlocker recovery keys of computers enrolled in a Windows domain!

This is really useful in post-exploitation or system administration (to backup keys for example). Export in XLSX, SQLITE, JSON

github.com/p0dalirius/E...

Here is an example:

21.09.2023 13:39 — 👍 4    🔁 0    💬 1    📌 0

@podalirius is following 20 prominent accounts