Olivia
Online
Jacob Paullus
@psycep_
Senior Red Team Consultant @Mandiant
Joined November 2021
48 Following
225 Followers
36 Posts
@0xSterny @sekurlsa_pw This _should_ be accounted for already, I don't have a 2025 DC to test with atm
@sekurlsa_pw Fixed and pushed to main, should dump all NTDS hashes now, let me know if you run into any more issues with it
Windows is now supported + an internal -proxy flag
gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) https://t.co/9XjTickbyA
@_atsika I am almost done adding Windows support and a native proxy flag, the people have spoken
gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) https://t.co/9XjTickbyA
hey… stop that
Nice work by the Mandiant team
We took a quick look at the compiled binaries and THOR already detected 9 of the tools via generic rules. We then added coverage for the rest.
@HolyMoly84103 Please let me know if you run into any issues with this in actual use and I can revisit if needed
@HolyMoly84103 gopacket's WMI only implements GetObject and ExecMethod, the PutInstance marshalling path from that Impacket issue isn't there. wmipersist calls PutInstance via go-msrpc, and after review, it correctly emits the CIM_FLAG_ARRAY count + heap refs that Impacket missed
@avtvfh1125 It still needs extensive testing in real environments, but the design intentions were behavior parity with Impacket. This is because I was aiming to recreate the networking library first and used the example tools as building blocks. As the project grows I intend to improve tools
@HolyMoly84103 I tried to address underlying Impacket bugs during the process, so maybe… can you send me the specific error you are referring to?
RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS.
Hope you enjoy the blog & tool drop 🤟
https://t.co/ch9WuSP6bm
The tool is release ready, someone give me motivation to write a blog
Publishing a new blog and tool tomorrow 👀
Planning a new blog+tool release, stay tuned 👀
ANOTHA ONE ☝️ check out our latest @Mandiant blog, showcasing the terrifying Browser-in-the-Middle techniques of the modern social engineer https://t.co/X1IPjMBi2d
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers