Jim Sykora @JimSycurity
I enjoy security, technology, learning, books, & the great outdoors. Trying to be human & kind. Opinions = mine. He/Him/Hän | github.com/JimSycurity | Minnesota, USA | Joined May 2019
Tweets: 19K | Followers: 2K | Following: 2K | Likes: 208K
I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0! Let me know what you find with it! - github.com/SpecterOps/MSS… - specterops.io/blog/2025/07/2…
Entra Connect sync accounts can be exploited to hijack device userCertificate properties, enabling device impersonation and conditional access bypass. @hotnops explores cross-domain compromise tradecraft within the same tenant. Read more ⤵️ ghst.ly/3ISMGN9
BloodHound v8.0 is here! 🎉 This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID. Read more from @JustinKohler10: ghst.ly/bloodhoundv8 🧵: 1/7
I publish two blog posts today! 📝🐫 The first dives into how we're improving the way BloodHound models attack paths through AD trusts: specterops.io/blog/2025/06/2… The second covers an attack technique I came across while exploring AD trust abuse: specterops.io/blog/2025/06/2…
BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest. Check out @JimSycurity's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Took @akamai_research's script for BadSuccessor and improved it a bit. - runs from non domain joined systems - works in forests - prints the rights each entity has on an OU - pre-flight check if 2025 DCs are present - code changes here and there github.com/LuemmelSec/Pen…
Any data hoarders out there happen to have an ISO of Exchange 2010 RC from 2009? techcommunity.microsoft.com/blog/exchange/… And this is why I want it: techcommunity.microsoft.com/blog/exchange/…
Think NTLM relay is a solved problem? Think again. Relay attacks are more complicated than many people realize. Check out this deep dive from @elad_shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Active Directory isn't going anywhere, but security pros lack key knowledge. 🧠 Join Jim Sykora & @DFIRdeferred at @BSidesCharm for their AD Security 101 training, which aims to give you tools to find & fix misconfigurations attackers exploit. bsidescharm.org
I'm excited that my first PRs to BloodHound/SharpHound are now in main! They remove FPs for Owns/WriteOwner edges when implicit owner rights are blocked and add OwnsLimitedRights and WriteOwnerLimitedRights edges when ACEs grant permissions to the OWNER RIGHTS SID. More to come!
Want to reach an audience of security and technology leaders? Interested in promoting your organization's mission? Looking for a smaller event with outsized industry impact? Sponsor BSidesCharm 2025 (buff.ly/4fGykLj )!
A few weeks ago I did a podcast with @TechBrandon and Jake from @TrimarcSecurity. (Link below) Anyway, I am going back on the show next Friday 11/22 to help raise money for @GirlsWhoHack. Watch this for info: Redact dot link slash trimarc: Redact.link/trimarc
My @MSFTBlueHat talk "Deprecating Azure AD Graph API is Easy and Other Lies We Tell Ourselves" is now on Youtube! Link to recording & slide deck at aadinternals.com/talks/
We're gettin' nerdy on tomorrow's Trimarc Happy Hour livestream 🤓 Friday, November 8th, our hosts will be joined by James Spencer, Jeff McJunkin (@jeffmcjunkin), and Mike Soule (@MySnozzberries) to discuss the Monash Enterprise Access Model (MEAM) framework. MEAM is an…
msft has flipped a switch and now every user in *your* org can get a trial license for m365 copilot "without an admin's help", by default this includes building their own custom agents (!) turn this off at admin -> self-service purchase -> Do not allow
You can find my @MSFTBlueHat #BlueHat presentation slides on my GitHub at the below URL. Thanks to the organizers for having me and for those that attended my talk! github.com/h4wkst3r/Confe…
First round of ticket sales is TOMORROW. Your refresher course on ticket sales starts here: shmoocon.org/general-inform…
