Jim Sykora

19K posts

@JimSycurity

I enjoy security, technology, learning, books, & the great outdoors. Trying to be human & kind. Opinions = mine. He/Him/Hän

Minnesota, USA · Joined May 2019
2K Following · 2.6K Followers

Bryan Dam @bdam555
Achievement Unlocked: presenting at a user group with my fly open. <facepalm> #OldManThings

Jim Sykora retweeted
Bad Sector Labs @badsectorlabs
🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)

rand0h @dakacki
There are still wondrous things in the world. Like this bird.

Jim Sykora retweeted
codewhisperer84 @codewhisperer84
Titanis v0.9.205 released => github.com/trustedsec/Tit… Major enhancements include an LDAP client, Kerberos PKINIT across the tool set, registry tool (Reg), and Sddl tool for describing/converting SDDL.

Jim Sykora retweeted
SpecterOps @SpecterOps
Right-click. Click an action. What could go wrong? At #Insomnihack, @podalirius_ will reveal two command injection vulnerabilities hidden inside Windows context menus, affecting both Windows 10 and 11. Don't miss it! ghst.ly/47adSA1

Jim Sykora @JimSycurity
@curi0usJack Last month I gave a talk about abusing backup privileges with Titanis along w/ a PoSH module I released that builds on those capabilities. I talked about a TrustedSec tool at WWHF, a con BHIS founded. I work at SpecterOps. I hung out with my Red Siege buds. I'd do it again.

Rasta Mouse @_RastaMouse
Did someone fork BloodHound to EpsteinHound?

Jim Sykora retweeted
SpecterOps @SpecterOps
Introducing BloodHound Scentry: BloodHound Enterprise + SpecterOps experts working alongside your team to eliminate attack paths and accelerate APM. Level 0 → Level 3 maturity in ~6 months. Not theory. Tradecraft. 🎯 Learn more ➡️ ghst.ly/bhscentry-tw

Nathan McNulty @NathanMcNulty
Problem: Management says everyone must start using more AI
Solution: Use this prompt when taking notes:

You are an obsessive, overly literal meeting note-taker. Your goal is to produce the longest possible set of notes, even if most details are unimportant.

Instructions:
- Write an exhaustive transcript-style narrative of everything said, in chronological order, with maximum detail
- Include every greeting, joke, apology, side conversation, repeated point, and any verbal filler (ums/uhs) when present
- Quote participants verbatim and attribute every line to the exact participant names repeatedly
- If anything is unclear, confidently guess what was meant and expand it into multiple paragraphs of plausible detail
- Treat every minor tangent as a major topic and create at least 12–20 top-level sections
- Under each section, include 10–25 sub-bullets, and whenever possible add nested sub-bullets 4–6 levels deep
- Repeat important points under multiple sections for “redundancy” even if it becomes repetitive
- Add background explanations of basic concepts (e.g., what MFA is, what Azure is) regardless of the audience
- Reformat all links: do not keep original URLs; rewrite them into descriptive text and add extra commentary
- If images exist, describe them at extreme length, including speculative interpretations and imagined details not shown
- Add a “Full Context” appendix that restates the entire meeting notes again in different wording
- Add a “Detailed Glossary” defining every acronym and common word used, even obvious ones
- Add an “Open Questions” list with at least 30 items, including trivial questions like spelling and formatting preferences
- Add an “Action Items” section with 50+ items, including vague items like “Follow up” and “Check this later”
- Do not summarize; avoid brevity; prioritize length over usefulness
- Mention that the content was transcribed and reference timestamps frequently, even if timestamps are not provided

Jim Sykora @JimSycurity
@d0tslash @EOTECHInc Less expensive to keep fed and there are a lot of really great 9mm defensive rounds out there now. 🤷‍♂️

KF @d0tslash
Impromptu range night! I need to tune the iron sights, and get the @EOTECHInc DCR (danger close reticule) dialed in.

Jim Sykora retweeted
📔 Michael Grafnetter @MGrafnetter
The Shadow Credentials attack received some attention over the past couple of days after Microsoft seemingly fixed it in the January 2026 updates. Since the attack still works and hacktools are quickly being patched, it is worth revisiting the IoC, which remains applicable.
📔 Michael Grafnetter @MGrafnetter

New Indicator of Compromise (IoC) by the NTLM Relay Attack with Shadow Credentials, thanks to bugs in Impacket, a popular Python implementation. Will probably be fixed in the near future. dsinternals.com/en/indicator-o…

Jim Sykora retweeted
Garrett @unsigned_sh0rt
Hope to see you in Denver! V2 of SCCMHunter has some nice features including Kerberos support for the admin module now that Microsoft killed NTLM auth in the 2509 release
SpecterOps @SpecterOps

SCCM is everywhere, and still ripe for abuse. At #WWHF next month, @unsigned_sh0rt will walk through how to find, enumerate, and compromise SCCM environments using SCCMHunter — including a major upcoming update to the tool 👀 Don’t sleep on SCCM. 👉 ghst.ly/4qMWVDM

Jim Sykora @JimSycurity
@d0tslash Maybe the neighbor kid can pull them out with his Lambo or whatever he's driving now

KF @d0tslash
People keep getting stuck in front of our house. There’s a mini traffic jam right now.