📋 Biography
Jim Sykora has been doing systems administration and testing security boundaries since before Microsoft Windows was launched. Jim has worked in education, manufacturing, ISPs, logistics, MSPs, financial institutions, and security consulting. He enjoys improving environments to create lonely places for adversaries, in-depth research, allowing curiosity to dig deep into security rabbit holes, and the great outdoors. Jim is currently a Security Researcher at SpecterOps with a focus on identity, specifically Active Directory and hybrid identity, with a goal of expanding the attack graph and helping organizations with attack path management.
✨ High-Impact Contributions
A comprehensive study of the AdminSDHolder privileged principal protection mechanism in Active Directory. This 159-page eBook covers the fundamentals of the Microsoft Windows access control model and explains the history of why the AdminSDHolder object and process are necessary for AD security. The book then breaks down dozens of common misconceptions, misconfigurations, and documentation inaccuracies around AdminSDHolder. For example, SDProp has nothing to do with AdminSDHolder. Instead, it is the ProtectAdminGroups background task, which runs on the PDCe FSMO role holder, that applies AdminSDHolder protections to privileged objects. If you want to learn about AdminSDHolder, this is the only resource you'll ever need.