
Bad Sector Labs

@badsectorlabs.com.bsky.social

Cybersecurity news, techniques, exploits, and tools every week at http://blog.badsectorlabs.com 🐘@badsectorlabs@infosec.exchange

474 Followers  |  53 Following  |  52 Posts  |  Joined: 01.11.2024

Latest posts by badsectorlabs.com on Bluesky

DEF CON Las Vegas Food Map

In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com

Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!

07.08.2025 20:50

Last Week in Security (LWiS) - 2025-08-04 AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!

Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!

blog.badsectorlabs.com/last-week-in...

05.08.2025 15:46

Last Week in Security (LWiS) - 2025-07-28 VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!


blog.badsectorlabs.com/last-week-in...

29.07.2025 15:58

Last Week in Security (LWiS) - 2025-07-21 PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!


blog.badsectorlabs.com/last-week-in...

22.07.2025 21:38

Last Week in Security (LWiS) - 2025-07-14 LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek ), and...

LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!

blog.badsectorlabs.com/last-week-in...

15.07.2025 14:38

LudusHound: Raising BloodHound Attack Paths to Life - SpecterOps LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing.

Ludushound shows the power of community driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff!

specterops.io/blog/2025/07...

14.07.2025 19:12

Ludus The easiest way to deploy testing infrastructure

Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).

blog.badsectorlabs.com/last-week-in...

08.07.2025 13:40

Last Week in Security (LWiS) - 2025-06-30 Linux sleep obfs (@k0zmer), sudo vuln (@0xm1rch), self-xss trick (@slonser_), primitive injection (@trickster012), Sitecore RCE (@chudyPB ), and more!

Tons of great content released over the past few weeks. Get caught up with Last Week in Security!

blog.badsectorlabs.com/last-week-in...

01.07.2025 16:48

Last Week in Security (LWiS) - 2025-06-09 Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse ...

This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.

blog.badsectorlabs.com/last-week-in...

10.06.2025 15:12

@raphaelmudge.bsky.social summed up why we built and released Ludus open source: "Develop technologies that give individual operators and researchers LEVERAGE acting on hypothesis and make it fast to try things, adapt, and modify."

When spinning up ADCS or SCCM is 3 commands, it gives you leverage.

09.06.2025 17:07

Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environ...

06.06.2025 20:32

Last Week in Security (LWiS) - 2025-06-02 Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Azure Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!

Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n.bsky.social), Azure Arc C2 (@zephrfish.yxz.red), Obfusk8 (@x86byte), and more!

blog.badsectorlabs.com/last-week-in...

02.06.2025 22:23

Last Week in Security (LWiS) - 2025-05-27 BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!


blog.badsectorlabs.com/last-week-in...

27.05.2025 23:27

// Enabled domain controllers (members of the group whose SID ends in -516) running an OS containing '2025'
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS dcs
MATCH (c2:Computer)
WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2.name IN dcs)
RETURN c2.name

If this query hits, you're DA: www.akamai.com/blog/securit...

21.05.2025 18:13

Last Week in Security (LWiS) - 2025-05-19 Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!


blog.badsectorlabs.com/last-week-in...

19.05.2025 21:53

Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:

github.com/badsectorlab...

15.05.2025 21:26

Last Week in Security (LWiS) - 2025-05-12 SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick1), Sword of Secrets (@GiliYankovitch), and more!

SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick.bsky.social), Sword of Secrets (@GiliYankovitch), and more!

blog.badsectorlabs.com/last-week-in...

12.05.2025 23:31

The Ludus range config can get complex - lots of features == lots of options, but VSCode (and Cursor/Windsurf) can help if you add:

# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json

to the top of a yaml, the editor will highlight and explain errors! 🤯

08.05.2025 17:39

Last Week in Security (LWiS) - 2025-05-05 ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!


blog.badsectorlabs.com/last-week-in...

06.05.2025 20:01

Got my hands on an unreleased Google DeepMind AI workstation! 🧠💻

jk, but the new 🏟️Ludus 🚫🏖️Anti-Sandbox update allows for full customization of machine values. Make your machines look like whatever you (or your APTs) expect. docs.ludus.cloud/docs/enterpr...

02.05.2025 22:01

Last Week in Security (LWiS) - 2025-04-28 TTTracer unmasks sleep obfs (@felixm_pw), GitHub spoofing (@pfiatde), Synology RCE (@ret2systems), netify scraper (@Jhaddix), and more!

Survive the RSA noise by focusing on the technical, with Last Week in Security! blog.badsectorlabs.com/last-week-in...

29.04.2025 14:43

Last Week in Security (LWiS) - 2025-04-21 CVE drama (@MITREcorp), Control Flow Hijacking w/Data Pointers (@0xLegacyy), Copilot in notepad (@zux0x3a), .NET AOT in Ghidra (@washi_dev), CSWSH in 2025 (@IncludeSecurity), 300ms to Admin (@compasss...

Go beyond the CVE drama; lots of good technical content from last week: blog.badsectorlabs.com/last-week-in...

22.04.2025 13:56

Last Week in Security (LWiS) - 2025-04-14 WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!


blog.badsectorlabs.com/last-week-in...

15.04.2025 19:46

2️⃣ While honing offensive techniques in the lab, plan to transition from the pay-to-play #PEN200 network to a self-hosted cyber range. Explore options to reduce upfront costs, streamline deployment w/ Ludus, & integrate SIEM solutions to enhance your learning experience.

🧵: 3/4

25.03.2025 17:05

Fileless lateral movement with trapped COM objects | IBM New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...

25.03.2025 21:21

Last Week in Security (LWiS) - 2025-03-24 Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudyPB), ArgFuscator (@Wietze), and more!


blog.badsectorlabs.com/last-week-in...

25.03.2025 16:02

ludus 1.9.2 · Bad Sector Labs / Ludus · GitLab Changelog All notable changes to this project will be documented in this file. [1.9.2]...

📢 🏟️ Ludus 1.9.2 is now available! New features include:
✅ Install Linux packages easily from range config
✅ Control Wireguard subnet traffic with custom network rules
✅ Fixed domain joining for non-English Windows and more!

Full changelog: gitlab.com/badsectorlab...

22.03.2025 15:24

Last Week in Security (LWiS) - 2025-03-17 Evilginx Pro (@mrgretzky), Pre-auth RCE in a CMS (@chudyPB), GOAD ADCS (@M4yFly), YouTube email disclosure (@brutecat), SAML parser bug (@ulldma.bsky.social/@ulldma@infosec.exchange), and more!

Evilginx Pro (@mrgretzky.breakdev.org ), Pre-auth RCE in a CMS (@chudypb.bsky.social), GOAD ADCS, YouTube email disclosure (@brutecat.com), SAML parser bug (ulldma.bsky.social), and more!

blog.badsectorlabs.com/last-week-in...

18.03.2025 00:05

📸 Snapshots | Ludus Ludus provides snapshot functionality for VMs in your range. Snapshots allow you to save the state of a VM at a point in time and revert back to it later.

Excited to announce 🏟️Ludus 1.9.0 now with arbitrary snapshot support! See the docs: docs.ludus.cloud/docs/snapshots
We've added documentation for deploy tags as well.
1.9.0 also includes:
- Disable Windows Defender via GPO
- Better VM validation
- Chrome/Edge FRE disabled
- Much more!

14.03.2025 15:50

Evilginx Pro is finally here! After over two years of development, Evilginx Pro reverse proxy phishing framework for red teams is finally live!

🚨 Evilginx Pro is finally here! 🚨🎣🐟

This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live!

Thank you all for your invaluable support πŸ’—

breakdev.org/evilginx-pro...

12.03.2025 15:29
