DCTV logo

#DCTV is online! Jump on dctv.defcon.org for links to the #defcon33 live streams on #youtube and #twitch.

Get that #defcon however works best for you.

Yo! Practice Pentesting, Red Teaming, and MalDev in Ludus!🥰😎👻

It's DEFCON time! Time to break out the tshirts.

Black Hat is done, now it's time for the final con of the week, and probably the best.

Come play in one of the two Kubernetes Capture the Flag events we're facilitating at #DEFCON 33!

Fri – Sun : Learning CTF w/ Walkthrough

Saturday: Competitive CTF

First Place Prize (for a team on-site at DEF CON) is a Bambu Labs A1 Mini 3D printer!

containersecurityctf.com

@defcon.bsky.social

In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com

Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!

Last Week in Security (LWiS) - 2025-07-28 VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

blog.badsectorlabs.com/last-week-in...

ATT&CKcon 6.0 MITRE ATT&CKcon | October 14 - 15, 2025

In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/

We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!

What’s Your Secret?: Secret Scanning by DeepPass2  - SpecterOps Discover DeepPass2 - a secret scanning tool combining BERT-based model and LLMs to detect free-form passwords, and other structured tokens and secrets with high accuracy.

Red teamers know the drill: endless file churning, hunting for passwords & tokens. 🔍

Meet DeepPass2, our new secret scanning tool that goes beyond structured tokens to catch those tricky free-form passwords too. Read Neeraj Gupta's blog post for more. ghst.ly/40HLNNA

Vaporwave flavored picture of the main pool at the Sahara Hotel and Casino in Las Vegas .

Greetings, luminous humans of #defcon! Welcome to the last weekend before #DEFCON33!

Join us Thursday from 7:30 to 10:30 at the Sahara for the KEVOPS Sellout Pool Party! Refreshing pool, delicious tacos, and DEF CON DJ’s on the ones and twos. DEF CON badge required for entry.

See you there.

The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!

BloodHound 8.0 debuts with major upgrades in attack path management - Help Net Security BloodHound 8.0, the open-source Attack Path Management platform, features major enhancements and expanded capabilities.

BloodHound 8.0 debuts with major upgrades in attack path management

📖 Read more: www.helpnetsecurity.com/2025/08/05/b...

#cybersecurity #cybersecuritynews #opensource @specterops.io

Last Week in Security (LWiS) - 2025-08-04 AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!

Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!

blog.badsectorlabs.com/last-week-in...

GitHub - olafhartong/BamboozlEDR: A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. - olafhartong/BamboozlEDR

During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs.

github.com/olafhartong/...

Slides available here:
github.com/olafhartong/...

So, here's a little thread on my new open source project:

The Tradecraft Garden.

tradecraftgarden.org

It's Crystal Palace, an open-source linker and linker script specialized to writing PIC DLL loaders.

And, a corpora of DLL loaders demonstrating design patterns building tradecraft with it.

Getting started w/ Mythic? We've got you covered.

@its-a-feature.bsky.social walks through the web UI basics, login process, & how to configure your default username/password. Check it out! ▶️ ghst.ly/user-interface

Watch the full series: ghst.ly/mythic-op

It's #BloodHoundBasics day!

Let's talk Tier 0 inheritance. If you're trying to unravel why some of the objects in your environment show up as Tier 0, this query will demonstrate the nuances of inheritance in 2 ways: inheritance up w/ OUs, & inheritance down w/ Groups.

🧵 1/3

This has been a LONG time coming! This is just the beginning though :) I'll be recording more videos for updates, new features, workflow enhancements, and yes - a developer series too! Be sure to let me know what you do/don't like about this format and what kinds of things you'd like to see!

Congratulations 🥳 to the top 3 teams at #PRCCDC!
1st Oregon State University
2nd George Fox University
3rd The Evergreen State College
---------------------------
Oregon State University
George Fox University
The Evergreen State College

Thank you National Collegiate Cyber Defense Competition!

ludus 1.9.2 · Bad Sector Labs / Ludus · GitLab Changelog All notable changes to this project will be documented in this file. [1.9.2]...

📢 🏟️ Ludus 1.9.2 is now available! New features include:
✅ Install Linux packages easily from range config
✅ Control Wireguard subnet traffic with custom network rules
✅ Fixed domain joining for non-English Windows and more!

Full changelog: gitlab.com/badsectorlab...

GOAD - part 14 - ADCS 5/7/9/10/11/13/14/15 In the previous blog post on ADCS (Goad Pwning Part 6), ESC1, ESC2, ESC3, ESC4, ESC6, and ESC8 were exploited.

mayfly277.github.io/posts/ADCS-p...

Regular Pricing is $560 ($540 + $20 proc.) and is available until July 18.

Late Pricing is $580 ($560 +$20 proc.) from July 19 to the close of Online Reg.

Online registration is not required. Cash-at-the-door price is$500, and you get the bonus of our world-famous LineCon.

(more)

Looking forward to running some of the new Ludus Ansible roles 💜

Our team just dropped BloodHound v7.0! 😎

Check out our latest blog post from Dev Bhatt to learn about the enhancements in this update, aimed at helping security teams visualize #AttackPaths, prioritize risks, & track remediation. ghst.ly/3CPDQwT

🧵: 1/4

We would like to congratulate the 8 teams who will be proceeding to WRCCDC Regionals 2025! We also want to recognize all the 27 teams who participated at qualifiers!

The schools who will be going to regionals are UCI, Stanford SDSU, UNR, UCSC, CSUSB, CSUN, UCD!

Congratulations to all the teams who participated in WRCCDC's 2025 Invitational 3! Hope everyone had a ton of fun!