Bad Sector Labs
badsectorlabs.com
@badsectorlabs.com
Cybersecurity news, techniques, exploits, and tools every week at http://blog.badsectorlabs.com 🐘@badsectorlabs@infosec.exchange
Pinned
Stop testing in prod (even someone else's)! Are you tired of installing Active Directory on your test VMs for the 100th time? Ever YOLO a binary off GitHub into prod because your testing setup is tedious? I've built a solution: ludus.cloud
(1/5)
Ludus
The easiest way to deploy testing infrastructure
ludus.cloud
Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-11-10
blog.badsectorlabs.com
November 11, 2025 at 7:21 PM
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-10-06
blog.badsectorlabs.com
October 7, 2025 at 4:51 PM
FreePBX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-15
blog.badsectorlabs.com
September 16, 2025 at 2:31 PM
Sure, a bunch of NPM packages got backdoor'd (again), but don't miss the great research and tools released last week! blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-08
Metamorphic compilation (@tijme), Windows Secure Calls (@33y0re), macOS race condition exploit (@patch1t), NTLM relaying (@elad_shamir), iOS zero-click RE (@quarkslab), and more!
blog.badsectorlabs.com
September 9, 2025 at 3:35 PM
Lots of tooling around the new Bloodhound "OpenGraph" standard this week including vCenterHound from
@m0rd4vid and the bhopengraph library from
@podalirius_.

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-25
WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!
blog.badsectorlabs.com
August 26, 2025 at 5:09 PM
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS.DIT (@MGrafnetter), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-18
blog.badsectorlabs.com
August 19, 2025 at 6:30 PM
Come see a preview of the new Web UI for 🏟️Ludus at the Embedded Systems Village. Our mini-workshop walks you through deploying a range and then hacking an emulated IP camera.
August 8, 2025 at 9:18 PM
In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com

Come see Ludus at the Embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!
DEF CON Las Vegas Food Map
defconfood.badsectorlabs.com
August 7, 2025 at 8:50 PM
Last LWiS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-04
AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!
blog.badsectorlabs.com
August 5, 2025 at 3:47 PM
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-28
blog.badsectorlabs.com
July 29, 2025 at 3:58 PM
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-21
blog.badsectorlabs.com
July 22, 2025 at 9:38 PM
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-14
blog.badsectorlabs.com
July 15, 2025 at 2:38 PM
LudusHound shows the power of community-driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert BloodHound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff!

specterops.io/blog/2025/07...
LudusHound: Raising BloodHound Attack Paths to Life - SpecterOps
LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional Active Directory replica environment via the Ludus framework for controlled testing.
specterops.io
July 14, 2025 at 7:12 PM
Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).

blog.badsectorlabs.com/last-week-in...
Ludus
The easiest way to deploy testing infrastructure
Ludus.cloud
July 8, 2025 at 1:40 PM
Tons of great content released over the past few weeks. Get caught up with Last Week in Security!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-30
Linux sleep obfs (@k0zmer), sudo vuln (@0xm1rch), self-xss trick (@slonser_), primitive injection (@trickster012), Sitecore RCE (@chudyPB), and more!
blog.badsectorlabs.com
July 1, 2025 at 4:48 PM
This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-09
Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse ...
blog.badsectorlabs.com
June 10, 2025 at 3:12 PM
@raphaelmudge.bsky.social summed up why we built and released Ludus open source: "Develop technologies that give individual operators and researchers LEVERAGE acting on hypothesis and make it fast to try things, adapt, and modify."

When spinning up ADCS or SCCM is 3 commands, it gives you leverage.
June 9, 2025 at 5:07 PM
Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environ...
June 6, 2025 at 8:32 PM
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n.bsky.social), Azure Arc C2 (@zephrfish.yxz.red), Obfusk8 (@x86byte), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-02
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Azure Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!
blog.badsectorlabs.com
June 2, 2025 at 10:23 PM
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-27
blog.badsectorlabs.com
May 27, 2025 at 11:27 PM
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1.name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem CONTAINS '2025') AND (c2.name IN dcs) RETURN c2.name

If this query hits, you're DA: www.akamai.com/blog/securit...
www.akamai.com
May 21, 2025 at 6:14 PM
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-19
blog.badsectorlabs.com
May 19, 2025 at 9:53 PM
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:

github.com/badsectorlab...
May 15, 2025 at 9:26 PM
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick.bsky.social), Sword of Secrets (@GiliYankovitch), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-12
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick1), Sword of Secrets (@GiliYankovitch), and more!
blog.badsectorlabs.com
May 12, 2025 at 11:31 PM
The Ludus range config can get complex - lots of features == lots of options, but VSCode (and Cursor/Windsurf) can help if you add:

# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json

to the top of a YAML file, the editor will highlight and explain errors! 🤯
May 8, 2025 at 5:39 PM