Jacob Paullus
36 posts

Jacob Paullus
@psycep_
Senior Red Team Consultant @Mandiant
Joined November 2021
48 Following, 217 Followers

@n00py1 @HackingLZ Ah, I just saw your bug report with the link to KNOWN_ISSUES.md
github.com/mandiant/gopac…

Tried secretsdump in GoPacket (impacket in Go).
It dumps the SAM and LSA secrets, but not the NTDS.DIT AD hashes. Impacket-secretsdump does succeed on dumping those hashes with the GOAD test DC.
Btw, to only build the binaries use:
$ ./install.sh --build-only

Jacob Paullus@psycep_
gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) github.com/mandiant/gopac…

@0xSterny @sekurlsa_pw This _should_ be accounted for already, I don't have a 2025 DC to test with atm

@psycep_ @sekurlsa_pw Make sure you are checking the dump on both a Windows Server 2022 and 2025 as they have different page sizing in ESE parsers

@sekurlsa_pw Fixed and pushed to main, should dump all NTDS hashes now, let me know if you run into any more issues with it

@_atsika I am almost done adding Windows support and a native proxy flag, the people have spoken

gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) github.com/mandiant/gopac…

@HolyMoly84103 Please let me know if you run into any issues with this in actual use and I can revisit if needed

@HolyMoly84103 gopacket's WMI only implements GetObject and ExecMethod, the PutInstance marshalling path from that Impacket issue isn't there. wmipersist calls PutInstance via go-msrpc, and after review, it correctly emits the CIM_FLAG_ARRAY count + heap refs that Impacket missed

@avtvfh1125 It still needs extensive testing in real environments, but the design intentions were behavior parity with Impacket. This is because I was aiming to recreate the networking library first and used the example tools as building blocks. As the project grows I intend to improve tools

@HolyMoly84103 I tried to address underlying Impacket bugs during the process, so maybe… can you send me the specific error you are referring to?

Jacob Paullus reposted

🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security
armadin.com/blog-posts/aut…
We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC

Jacob Paullus reposted

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS.
Hope you enjoy the blog & tool drop 🤟
ibm.com/think/x-force/…

Jacob Paullus reposted

ANOTHA ONE ☝️ check out our latest @Mandiant blog, showcasing the terrifying Browser-in-the-Middle techniques of the modern social engineer cloud.google.com/blog/topics/th…