Jim Sykora @ TROOPERS

19K posts

Jim Sykora @ TROOPERS banner
Jim Sykora @ TROOPERS

Jim Sykora @ TROOPERS

@JimSycurity

I enjoy security, technology, learning, books, & the great outdoors. Trying to be human & kind. Opinions = mine. He/Him/Hän

Minnesota, USA Katılım Mayıs 2019
2K Takip Edilen2.6K Takipçiler
Jim Sykora @ TROOPERS
Jim Sykora @ TROOPERS@JimSycurity·
@_xpn_ It's your brain trying to procrastinate the thing you actually need to do by inventing new side quests to chase. The trick is to have a task you must do that's even more procrastination-worthy, like a plumbing issue.
English
0
0
1
87
Adam Chester 🏴‍☠️
Why do all the interesting ideas pop into your brain when you have something else to focus on??!!!
GIF
English
8
0
43
3K
Karl
Karl@kfosaaen·
I had several people asking about our presentation setup for the talk this week, so I figured I’d share it here. For the last few years, I’ve been using an iPad mini with a USB-C dock. I typically plug a USB presentation clicker into the dock, along with HDMI out.
Karl tweet mediaKarl tweet media
English
3
2
39
7.1K
Jim Sykora @ TROOPERS retweetledi
LeoDaVinciWave
LeoDaVinciWave@LeoDaVinciWave·
The famous Cookie Monster Agate Geode was discovered by gemologist Lucas Fassari in Brazil in 2020.
LeoDaVinciWave tweet media
English
13
201
2.2K
32.4K
Jim Sykora @ TROOPERS
Jim Sykora @ TROOPERS@JimSycurity·
@_xpn_ 40C in Germany this week too :( I mean, we get that in Minnesota too. In August...
English
0
0
0
280
Jim Sykora @ TROOPERS retweetledi
📔 Michael Grafnetter
📔 Michael Grafnetter@MGrafnetter·
Putting the final touches on my @WEareTROOPERS slide deck for next week. For the first time, I’ll be demoing the decryption of BitLocker drives, DNSSEC keys, and ASP.NET Core secrets using KDS root keys, plus hybrid Golden [gd]MSA attacks. troopers.de/troopers26/tal…
📔 Michael Grafnetter tweet media
English
3
10
26
4.4K
Jim Sykora @ TROOPERS retweetledi
ar0x
ar0x@_ar0x4·
Releasing Tunnel Vision Toolkit, part of my @x33fcon talk on Microsoft Global Secure Access. Includes BOFs to assist in engagements where you face GSA, plus a rogue client that lets you connect to internal resources from unmanaged devices. github.com/ar0x4/tunnel-v…
English
2
41
97
12.9K
Jim Sykora @ TROOPERS retweetledi
SpecterOps
SpecterOps@SpecterOps·
ICYMI: @0xr0BIT joined #KnowYourAdversary for a discussion on how scheduled tasks store creds, why they frequently appear during security assessments, & how TaskHound helps operators & defenders visualize these relationships directly within BloodHound. 👀 ghst.ly/4x4qGmU
English
0
3
9
2.1K
Jim Sykora @ TROOPERS retweetledi
Adam Chester 🏴‍☠️
This post was published as part of the @SpecterOps "GhostWorks" initiative.. exciting times, can't wait to show what we've been doing \o/ #h-a-tradecraft-approach-to-ai-nbsp" target="_blank" rel="nofollow noopener">specterops.io/blog/2026/06/0…
Adam Chester 🏴‍☠️@_xpn_

New blog post is up looking at what GEPA is, and how it can be used for refining prompts for security agents. specterops.io/blog/2026/06/0…

English
0
9
32
5.3K
Jim Sykora @ TROOPERS retweetledi
SpecterOps
SpecterOps@SpecterOps·
U2U powers UnPAC-the-Hash and chains into Shadow Credentials and ADCS ESC attacks, but most resources skip the “how.” @GrayHatKiller breaks down Kerberos U2U auth from the RFC to Windows’ divergences—and why modern attacks rely on it. ghst.ly/4egy4TT
English
0
21
39
2.6K
Jim Sykora @ TROOPERS retweetledi
Robin Granberg
Robin Granberg@ipcdollar1·
Regarding Active Directory permissions, most people assume that a Deny ACE always wins. It doesn't! Windows stops the access check the moment enough rights are granted — any ACE after that point is never evaluated. New post: managedpriv.com/blog/acl-canon…
English
1
7
19
1.6K
Jason Lang
Jason Lang@curi0usJack·
Have spent all day working on SPEC.md (spec driven development). This has been a rather slow and tedious exercise, but admittedly I'm a fan of being forced to truly think through everything before entering the dev -> prompt change cycle. It really helped to have Claude look at my spec and fill in missing gaps for review/changes.
English
2
1
11
1.5K
Jim Sykora @ TROOPERS retweetledi
Robin Granberg
Robin Granberg@ipcdollar1·
The .NET ActiveDirectorySecurity API was built for helpdesk scripts, not ACL fidelity. If you're using it for backup, migration, or exact cloning — you're going to have a bad time. New post: the 9 design problems you need to know. bit.ly/3Rl635L
English
1
3
18
1.3K
Jim Sykora @ TROOPERS retweetledi
SpecterOps
SpecterOps@SpecterOps·
Found a Tailscale API key on an assessment? In their latest research, @KingOfTheNOPs & @Sw4mp_f0x created TailscaleHound to turn your Tailnet into a BloodHound graph to visualize access paths between Azure & Tailscale. Check it out ⤵️ ghst.ly/4nJkgFF
English
0
20
55
3.3K
Jim Sykora @ TROOPERS retweetledi
r0BIT
r0BIT@0xr0BIT·
shipping: WinSSHound maps SSH access in AD as BloodHound paths. because Windows OpenSSH cheerfully ignores your "Deny Logon" GPOs (pre-2025) and on a default sshd_config every Authenticated User in the domain can walk right in. Why? Because Microsoft. github.com/1r0BIT/WinSSHo…
English
0
68
209
12.5K