Joined May 2019
- Tweets 18,983
- Following 2,040
- Followers 2,572
- Likes 203,434
1,583 Photos and videos
Pinned Tweet
26 Nov 2024
Ope. Updated my profile to a custom domain.
bsky.app/profile/jimsycurity…
842
Releasing Tunnel Vision Toolkit, part of my @x33fcon talk on Microsoft Global Secure Access.
Includes BOFs to assist in engagements where you face GSA, plus a rogue client that lets you connect to internal resources from unmanaged devices.
github.com/ar0x4/tunnel-visi…
2
40
90
11,254
Jim Sykora retweeted
Jun 12
ICYMI: @0xr0BIT joined #KnowYourAdversary for a discussion on how scheduled tasks store creds, why they frequently appear during security assessments, & how TaskHound helps operators & defenders visualize these relationships directly within BloodHound.
👀 ghst.ly/4x4qGmU
3
8
1,877
Jim Sykora retweeted
Jun 10
This post was published as part of the @SpecterOps "GhostWorks" initiative.. exciting times, can't wait to show what we've been doing \o/ specterops.io/blog/2026/06/0…
Jun 10
New blog post is up looking at what GEPA is, and how it can be used for refining prompts for security agents. specterops.io/blog/2026/06/0…
9
32
5,166
Jim Sykora retweeted
Jun 9
U2U powers UnPAC-the-Hash and chains into Shadow Credentials and ADCS ESC attacks, but most resources skip the “how.”
@GrayHatKiller breaks down Kerberos U2U auth from the RFC to Windows’ divergences—and why modern attacks rely on it.
ghst.ly/4egy4TT
21
38
2,497
Jim Sykora retweeted
Regarding Active Directory permissions, most people assume that a Deny ACE always wins. It doesn't!
Windows stops the access check the moment enough rights are granted — any ACE after that point is never evaluated.
New post: managedpriv.com/blog/acl-can…
1
7
18
1,552
Jim Sykora retweeted
May 22
The .NET ActiveDirectorySecurity API was built for helpdesk scripts, not ACL fidelity.
If you're using it for backup, migration, or exact cloning — you're going to have a bad time. New post: the 9 design problems you need to know. bit.ly/3Rl635L
1
3
18
1,311
Jim Sykora retweeted
May 21
Found a Tailscale API key on an assessment?
In their latest research, @KingOfTheNOPs & @Sw4mp_f0x created TailscaleHound to turn your Tailnet into a BloodHound graph to visualize access paths between Azure & Tailscale.
Check it out ⤵️ ghst.ly/4nJkgFF
20
55
3,161
shipping: WinSSHound
maps SSH access in AD as BloodHound paths. because Windows OpenSSH cheerfully ignores your "Deny Logon" GPOs (pre-2025) and on a default sshd_config every Authenticated User in the domain can walk right in. Why? Because Microsoft.
github.com/1r0BIT/WinSSHound
68
208
12,339
Jim Sykora retweeted
May 6
In his latest research, @_xpn_ tears apart VS Code Dev Tunnels and finds a C2 framework underneath — REST → WebSocket → SSH → MsgPack RPC, remote exec, file ops.
Find the Ouroboros tool and protocol breakdown at the link! 👇 ghst.ly/4mZ4arb
56
161
9,036
Jim Sykora retweeted
Apr 23
How well do you really understand what's happening inside a #Kerberos exchange? In our latest blog, @codewhisperer84 breaks down the full authentication flow and demonstrates how to interact with every stage using the #Titanis toolset. Read it now! hubs.la/Q04dcFgv0
3
73
182
12,167
Jim Sykora retweeted
ShareHound: Mapping rights of network shares using bloodhound OpenGraph, by @podalirius_
github.com/p0dalirius/shareh…
11
42
2,968
Jim Sykora retweeted
May 1
@Octoberfest73 I remember you once posted a quirk of impacket that could be used as an ioc so I thought you’d like this list of 50 impacket IOCs😄 github.com/ThatTotallyRealMy…
3
55
229
24,667
Jim Sykora retweeted
Apr 30
This second blogpost concludes @yaumn_'s research on #Windows authentication reflection.
He discloses the new Kerberos authentication coercion technique he discovered to remotely compromise Windows systems 💥
A little bonus is even included at the end 👀👇
synacktiv.com/en/publication…
2
56
125
11,756
Jim Sykora retweeted
Apr 27
Just added krb5 auth over ADWS in my tool SOAPy. I noticed since SOAPy released 2 yrs ago with the first ADWS python code nobody had implemented krb5 auth in python.
Check it out here, and stay tuned for an upcoming blog post big release 👀
github.com/logangoins/SOAPy/
1
39
124
9,478
Jim Sykora retweeted
Apr 27
ICYMI 👀
@_Mayyhem & Javier Azofra Ovejero shipped MSSQLHound in Go. Same lab, 17 min → under 17 sec
Cross-platform, SOCKS, Kerberos/NT hash auth, 37 BloodHound edges with pathfinding. If MSSQL isn't in your attack paths yet, it should be. ghst.ly/4cUKgtJ
5
22
1,777
Jim Sykora retweeted
New Titanis release => github.com/trustedsec/Titani…
The new Dsrep lets you dump secrets from AD, Ldap supports queries for DNS records and timestamp conversions, Dcom supports dotted-property notation, along with other enhancements and fixes.
2
30
86
5,863
Jim Sykora retweeted
🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)
3
21
82
8,684
meet VMkatz, github.com/nikaiw/VMkatz
12
244
937
68,953
Jim Sykora retweeted
Titanis v0.9.205 released => github.com/trustedsec/Titani…
Major enhancements include an LDAP client, Kerberos PKINIT across the tool set, registry tool (Reg), and Sddl tool for describing/converting SDDL.
1
19
90
5,921
Jim Sykora retweeted
Mar 2
Right-click. Click an action. What could go wrong?
At #Insomnihack, @podalirius_ will reveal two command injection vulnerabilities hidden inside Windows context menus, affecting both Windows 10 and 11.
Don't miss it! ghst.ly/47adSA1
14
46
3,565