Jim Sykora

Ope. Updated my profile to a custom domain. bsky.app/profile/jimsyc…

shipping: WinSSHound maps SSH access in AD as BloodHound paths. because Windows OpenSSH cheerfully ignores your "Deny Logon" GPOs (pre-2025) and on a default sshd_config every Authenticated User in the domain can walk right in. Why? Because Microsoft. github.com/1r0BIT/WinSSHo…

@d0tslash I keep a couple stacks of beef jerky in my pocket. Never go hungry and dogs love me.

The lady at the taco shop told me today she notices I never wear necklaces or jewelry. I told her “yeah, I stack silver instead”, and pulled my pocket silver out. In the most adorable way she goes “omg it’s so heavy!” 😂 youtube.com/watch?v=8RxpRD…

In his latest research, @_xpn_ tears apart VS Code Dev Tunnels and finds a C2 framework underneath — REST → WebSocket → SSH → MsgPack RPC, remote exec, file ops. Find the Ouroboros tool and protocol breakdown at the link! 👇 ghst.ly/4mZ4arb

How well do you really understand what's happening inside a #Kerberos exchange? In our latest blog, @codewhisperer84 breaks down the full authentication flow and demonstrates how to interact with every stage using the #Titanis toolset. Read it now! hubs.la/Q04dcFgv0

ShareHound: Mapping rights of network shares using bloodhound OpenGraph, by @podalirius_ github.com/p0dalirius/sha…

@Octoberfest73 I remember you once posted a quirk of impacket that could be used as an ioc so I thought you’d like this list of 50+ impacket IOCs😄 github.com/ThatTotallyRea…

This second blogpost concludes @yaumn_'s research on #Windows authentication reflection. He discloses the new Kerberos authentication coercion technique he discovered to remotely compromise Windows systems 💥 A little bonus is even included at the end 👀👇 synacktiv.com/en/publication…

@_subTee I trace that exact moment to the point in time where I thought security was some policies and risk assessments crap to making my network a hostile place for attackers.

Just added krb5 auth over ADWS in my tool SOAPy. I noticed since SOAPy released 2 yrs ago with the first ADWS python code nobody had implemented krb5 auth in python. Check it out here, and stay tuned for an upcoming blog post + big release 👀 github.com/logangoins/SOA…

ICYMI 👀 @_Mayyhem & Javier Azofra Ovejero shipped MSSQLHound in Go. Same lab, 17 min → under 17 sec Cross-platform, SOCKS, Kerberos/NT hash auth, + 37 BloodHound edges with pathfinding. If MSSQL isn't in your attack paths yet, it should be. ghst.ly/4cUKgtJ

New Titanis release => github.com/trustedsec/Tit… The new Dsrep lets you dump secrets from AD, Ldap supports queries for DNS records and timestamp conversions, Dcom supports dotted-property notation, along with other enhancements and fixes.

@IAMERICAbooted @atheosblazezero @SpecterOps It's definitely not that easy. Properly modeling of the attack graph for all pertinent scenarios, accounting for important edge cases without attempting to account for all edge cases, and thoroughly validating the results is challenging and not quick.

@atheosblazezero @SpecterOps I dont think its that easy. The goal would be how you get from prompt to access to other systems and ultimately co trol the entperise via prompt when that was never intended.

Hey @SpecterOps , we need BloodHound for agentic systems :p

@bdam555 Wear the onesie

Achievement Unlocked: presenting at a user group with my fly open. <facepalm> #OldManThings

🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)

meet VMkatz, github.com/nikaiw/VMkatz

@dakacki birds aren't real

Titanis v0.9.205 released => github.com/trustedsec/Tit… Major enhancements include an LDAP client, Kerberos PKINIT across the tool set, registry tool (Reg), and Sddl tool for describing/converting SDDL.

Right-click. Click an action. What could go wrong? At #Insomnihack, @podalirius_ will reveal two command injection vulnerabilities hidden inside Windows context menus, affecting both Windows 10 and 11. Don't miss it! ghst.ly/47adSA1

@curi0usJack Last month I gave a talk about abusing backup privileges with Titanis along w/ a PoSH module I released that builds on those capabilities. I talked about a TrustedSec tool at WWHF, a con BHIS founded. I work at SpecterOps. I hung out with my Red Siege buds. I'd do it again.

Why are we talking about Titanis?! Let the world sleep...

@_RastaMouse @SadProcessor

Did someone fork BloodHound to EpsteinHound?