Bad Sector Labs
@badsectorlabs.com
Cybersecurity news, techniques, exploits, and tools every week at http://blog.badsectorlabs.com 🐘@badsectorlabs@infosec.exchange
Pinned
Bad Sector Labs
@badsectorlabs.com
· Nov 19
Ludus
The easiest way to deploy testing infrastructure
ludus.cloud
Stop testing in prod (even someone else's)! Are you tired of installing Active Directory on your test VMs for the 100th time? Ever YOLO a binary off GitHub into prod because your testing setup is tedious? I've built a solution: ludus.cloud
(1/5)
(1/5)
Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-11-10
Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!
blog.badsectorlabs.com
November 11, 2025 at 7:21 PM
Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-10-06
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
blog.badsectorlabs.com
October 7, 2025 at 4:51 PM
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-15
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!
blog.badsectorlabs.com
September 16, 2025 at 2:31 PM
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Sure, a bunch of NPM packages got backdoor'd (again), but don't miss the great research and tools released last week! blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-08
Metamorphic compilation (@tijme), Windows Secure Calls (@33y0re), macOS race condition exploit (@patch1t), NTLM relaying (@elad_shamir), iOS zero-click RE (@quarkslab), and more!
blog.badsectorlabs.com
September 9, 2025 at 3:35 PM
Sure, a bunch of NPM packages got backdoor'd (again), but don't miss the great research and tools released last week! blog.badsectorlabs.com/last-week-in...
Lots of tooling around the new Bloodhound "OpenGraph" standard this week including vCenterHound from
@m0rd4vid and the bhopengraph library from
@podalirius_.
blog.badsectorlabs.com/last-week-in...
@m0rd4vid and the bhopengraph library from
@podalirius_.
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-25
WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!
blog.badsectorlabs.com
August 26, 2025 at 5:09 PM
Lots of tooling around the new Bloodhound "OpenGraph" standard this week including vCenterHound from
@m0rd4vid and the bhopengraph library from
@podalirius_.
blog.badsectorlabs.com/last-week-in...
@m0rd4vid and the bhopengraph library from
@podalirius_.
blog.badsectorlabs.com/last-week-in...
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS.DIT (@MGrafnetter), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-18
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS....
blog.badsectorlabs.com
August 19, 2025 at 6:30 PM
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS.DIT (@MGrafnetter), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Come see a preview of the new Web UI for 🏟️Ludus at the Embedded Systems Village. Our mini-workshop walks you through deploying a range and then hacking an emulated IP camera.
August 8, 2025 at 9:18 PM
Come see a preview of the new Web UI for 🏟️Ludus at the Embedded Systems Village. Our mini-workshop walks you through deploying a range and then hacking an emulated IP camera.
In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com
Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!
Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!
DEF CON Las Vegas Food Map
defconfood.badsectorlabs.com
August 7, 2025 at 8:50 PM
In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com
Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!
Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!
Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-04
AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!
blog.badsectorlabs.com
August 5, 2025 at 3:47 PM
Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-28
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!
blog.badsectorlabs.com
July 29, 2025 at 3:58 PM
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-21
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!
blog.badsectorlabs.com
July 22, 2025 at 9:38 PM
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-14
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek ), and...
blog.badsectorlabs.com
July 15, 2025 at 2:38 PM
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Ludushound shows the power of community driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff!
specterops.io/blog/2025/07...
specterops.io/blog/2025/07...
LudusHound: Raising BloodHound Attack Paths to Life - SpecterOps
LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing.
specterops.io
July 14, 2025 at 7:12 PM
Ludushound shows the power of community driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff!
specterops.io/blog/2025/07...
specterops.io/blog/2025/07...
Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Ludus
The easiest way to deploy testing infrastructure
Ludus.cloud
July 8, 2025 at 1:40 PM
Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Tons of great content released over the past few weeks. Get caught up with Last Week in Security!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-30
Linux sleep obfs (@k0zmer), sudo vuln (@0xm1rch), self-xss trick (@slonser_), primitive injection (@trickster012), Sitecore RCE (@chudyPB ), and more!
blog.badsectorlabs.com
July 1, 2025 at 4:48 PM
Tons of great content released over the past few weeks. Get caught up with Last Week in Security!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-09
Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse ...
blog.badsectorlabs.com
June 10, 2025 at 3:12 PM
This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
@raphaelmudge.bsky.social summed up why we built and released Ludus open source: "Develop technologies that give individual operators and researchers LEVERAGE acting on hypothesis and make it fast to try things, adapt, and modify."
When spinning up ADCS or SCCM is 3 commands, it gives you leverage.
When spinning up ADCS or SCCM is 3 commands, it gives you leverage.
June 9, 2025 at 5:07 PM
@raphaelmudge.bsky.social summed up why we built and released Ludus open source: "Develop technologies that give individual operators and researchers LEVERAGE acting on hypothesis and make it fast to try things, adapt, and modify."
When spinning up ADCS or SCCM is 3 commands, it gives you leverage.
When spinning up ADCS or SCCM is 3 commands, it gives you leverage.
Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environ...
June 6, 2025 at 8:32 PM
Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environ...
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n.bsky.social), Azure Arc C2 (@zephrfish.yxz.red), Obfusk8 (@x86byte), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-02
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Azure Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!
blog.badsectorlabs.com
June 2, 2025 at 10:23 PM
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n.bsky.social), Azure Arc C2 (@zephrfish.yxz.red), Obfusk8 (@x86byte), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-27
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!
blog.badsectorlabs.com
May 27, 2025 at 11:27 PM
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name
If this query hits, you're DA: www.akamai.com/blog/securit...
If this query hits, you're DA: www.akamai.com/blog/securit...
www.akamai.com
May 21, 2025 at 6:14 PM
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name
If this query hits, you're DA: www.akamai.com/blog/securit...
If this query hits, you're DA: www.akamai.com/blog/securit...
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-19
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!
blog.badsectorlabs.com
May 19, 2025 at 9:53 PM
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:
github.com/badsectorlab...
github.com/badsectorlab...
May 15, 2025 at 9:26 PM
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:
github.com/badsectorlab...
github.com/badsectorlab...
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick.bsky.social), Sword of Secrets (@GiliYankovitch), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-12
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick1), Sword of Secrets (@GiliYankovitch), and more!
blog.badsectorlabs.com
May 12, 2025 at 11:31 PM
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick.bsky.social), Sword of Secrets (@GiliYankovitch), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
The Ludus range config can get complex - lots of features == lots of options, but VSCode (and Cursor/Windsurf) can help if you add:
# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json
to the top of a yaml, the editor will highlight and explain errors! 🤯
# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json
to the top of a yaml, the editor will highlight and explain errors! 🤯
May 8, 2025 at 5:39 PM
The Ludus range config can get complex - lots of features == lots of options, but VSCode (and Cursor/Windsurf) can help if you add:
# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json
to the top of a yaml, the editor will highlight and explain errors! 🤯
# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json
to the top of a yaml, the editor will highlight and explain errors! 🤯