CravateRouge.infosec.exchange (@cravaterouge)

A bit late to the party (didn’t realize Mirage was already retired), but here’s my approach to exploite NTLM cross-session relay and ADCS ESC10 in my HTB Mirage writeup:
medium.com/@cravateroug...

08.12.2025 09:02 👍 0 🔁 0 💬 0 📌 0

Just pushed a new feature in bloodyAD v2.5.0 for 'get writable': you can now dump the results straight into a minimal BloodHound zip using --bh

Give it a spin and let me know what breaks 😄

29.10.2025 08:02 👍 0 🔁 0 💬 0 📌 0

For all the CTF fans who don't want to manually exploit long and easy AD privesc paths, autobloody has been finally updated to its 1.0.0 version

22.10.2025 05:29 👍 0 🔁 0 💬 0 📌 0

User Guide BloodyAD is an Active Directory Privilege Escalation Framework - CravateRouge/bloodyAD

Explore the AD DS even more using MSLDAP operations with bloodyAD 2.3.1:
"bloodyad [<auth_info>] msldap <msldap_command>"

MSLDAP commands list:
github.com/CravateRouge...

14.10.2025 07:12 👍 0 🔁 0 💬 0 📌 0

Sign Up | LinkedIn 500 million+ members | Manage your professional identity. Build and engage with your professional network. Access knowledge, insights and opportunities.

Struggling with cross-domain Kerberos? Not anymore, no matter the number of hops with kerbad v0.5.5 + bloodyAD v2.1.27:
www.linkedin.com/feed/update/...

30.09.2025 14:00 👍 0 🔁 0 💬 0 📌 0

Finally a bloodhound collector inter-domain in bloodyAD v2.1.25!

Thanks to the amazing work of @Skelsec (don't hesitate to support his project octopwn) and some custom code of mine named the reacher to reach every DC alive 😈

24.09.2025 18:25 👍 0 🔁 0 💬 0 📌 0

I know some of you wanted it and JSON output is now available in bloodyAD v2.1.25 thanks to mHiluxS

23.09.2025 05:54 👍 0 🔁 0 💬 0 📌 0

GitHub - SySS-Research/Single-User-BloodHound: Run BloodHound CE in a single-user setup with podman Run BloodHound CE in a single-user setup with podman - GitHub - SySS-Research/Single-User-BloodHound: Run BloodHound CE in a single-user setup with podman

github.com/SySS-Researc... is really a bless for those who want to deploy BloodHound in one step

21.09.2025 06:08 👍 0 🔁 0 💬 0 📌 0

Tired to deal with the clock skew for Kerberos so github.com/CravateRouge... will attempt to synchronize its clock to the server now

03.09.2025 14:49 👍 0 🔁 0 💬 0 📌 0

♻️Have You Looked in the Trash?♻️ | CravateRouge Ltd ♻️Have You Looked in the Trash?♻️ Our latest article uncovers how the Active Directory Recycle Bin can be a hidden attack surface. From SID History abuse to orphaned delegation paths, deleted objects...

New article for those curious about what they can find in the AD Recycle Bin (Bonus: I updated bloodyAD so you can play on this😉)
www.linkedin.com/feed/update/...

25.06.2025 16:05 👍 0 🔁 0 💬 0 📌 0

Exploiting BadSuccessor from A to Z with NT hash of impersonated accounts using bloodyAD v2.1.16
github.com/CravateRouge...

27.05.2025 09:54 👍 1 🔁 1 💬 0 📌 0

GitHub - CravateRouge/bloodyAD: BloodyAD is an Active Directory Privilege… | CravateRouge Ltd BloodyAD Now Supports BadSuccessor Exploit in Full Python! 🐍💥 We're excited to share that BloodyAD has just been updated to support the BadSuccessor exploit, implemented entirely in Python — no e...

BadSuccessor in Python with bloodyAD

Have fun :D

www.linkedin.com/feed/update/...

23.05.2025 15:12 👍 1 🔁 0 💬 0 📌 0

Release v2.1.13 · CravateRouge/bloodyAD | CravateRouge Ltd 🎉 Happy Victory Day! 🎉 The latest update to bloodyAD makes the shadowcredentials attack even smarter! Now, it ensures the targeted Domain Controller (DC) has the prerequisites for a successful attack...

🎉 Happy Victory Day! 🎉

The latest update to bloodyAD makes the shadowcredentials attack even smarter:
www.linkedin.com/feed/update/...

08.05.2025 12:38 👍 0 🔁 0 💬 0 📌 0

Release v2.1.8 · CravateRouge/bloodyAD

bloodyAD v2.1.8 is out with a new feature to resolve foreign SID when displaying security descriptors with "get object" or "get search" and a lifetime option on "add user" offered by
github.com/martanne
to make them vanish magically once expired

github.com/CravateRouge...

28.02.2025 17:55 👍 0 🔁 0 💬 0 📌 0

BloodyAD: Open-source Active Directory privilege escalation framework - Help Net Security BloodyAD is an open-source Active Directory privilege escalation framework, often called the Swiss Army knife for AD privilege escalation.

BloodyAD offers flexible authentication options, including cleartext passwords, pass-the-hash, pass-the-ticket, and certificate-based authentication.

Read more: www.helpnetsecurity.com/2025/01/28/b...

#cybersecurity #cybersecuritynews #opensource
@cravaterouge.bsky.social

28.01.2025 14:35 👍 1 🔁 1 💬 0 📌 0

Performing AD LDAP Queries Like a Ninja | CravateRouge Ltd Strategies to minimize logging generation, and methods to enhance logging efficiency

Little gift just before Christmas 🎁
Learn how AD LDAP logging works, how to improve it or how to bypass it

24.12.2024 06:37 👍 2 🔁 2 💬 0 📌 0

Would be a perfect gift for Christmas 😍

22.12.2024 05:45 👍 0 🔁 0 💬 0 📌 0

Payloads All The Things

🚀 Big Announcement! 🚀

After 8+ years of working on PayloadsAllTheThings, I’m excited to release it as an ebook on Leanpub! 📖✨

To celebrate, I’m gifting 2 free copies to random reposters! 🔥

👉 Repost for a chance to win

Thank you all for your incredible support! 🙌

#CyberSecurity #Infosec

01.12.2024 16:16 👍 14 🔁 10 💬 2 📌 1

Release v2.1.5 · CravateRouge/bloodyAD

Working on making bloodyAD more cross-domain friendly.

You can now retrieve DNS records on all AD domains trusting yours using 'get dnsDump --transitive'
Cross-domain transitivity works even with kerberos credentials from your initial domain.
github.com/CravateRouge...

20.12.2024 13:14 👍 2 🔁 0 💬 0 📌 0

CravateRouge.infosec.exchange

Latest posts by CravateRouge.infosec.exchange @cravaterouge