LightNews
badsectorlabs.com
Bad Sector Labs
@badsectorlabs.com
490 followers 53 following 58 posts
Cybersecurity news, techniques, exploits, and tools every week at http://blog.badsectorlabs.com 🐘@[email protected]
blog.badsectorlabs.com
Posts Media Videos Starter Packs
Pinned
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Nov 19
Stop testing in prod (even someone else's)! Are you tired of installing Active Directory on your test VMs for the 100th time? Ever YOLO a binary off GitHub into prod because your testing setup is tedious? I've built a solution: ludus.cloud
(1/5)
Ludus
The easiest way to deploy testing infrastructure
ludus.cloud
1 7
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · 9d
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-10-06
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
blog.badsectorlabs.com
2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Sep 16
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-15
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!
blog.badsectorlabs.com
2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Sep 9
Sure, a bunch of NPM packages got backdoor'd (again), but don't miss the great research and tools released last week! blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-08
Metamorphic compilation (@tijme), Windows Secure Calls (@33y0re), macOS race condition exploit (@patch1t), NTLM relaying (@elad_shamir), iOS zero-click RE (@quarkslab), and more!
blog.badsectorlabs.com
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Aug 26
Lots of tooling around the new Bloodhound "OpenGraph" standard this week including vCenterHound from
@m0rd4vid and the bhopengraph library from
@podalirius_.

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-25
WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!
blog.badsectorlabs.com
2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Aug 19
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS.DIT (@MGrafnetter), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-18
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS....
blog.badsectorlabs.com
1 1 3
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Aug 8
Come see a preview of the new Web UI for 🏟️Ludus at the Embedded Systems Village. Our mini-workshop walks you through deploying a range and then hacking an emulated IP camera.
1
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Aug 7
In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com

Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!
DEF CON Las Vegas Food Map
defconfood.badsectorlabs.com
1 3
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Aug 5
Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-08-04
AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!
blog.badsectorlabs.com
2 1
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jul 29
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-28
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!
blog.badsectorlabs.com
2 2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jul 22
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-21
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!
blog.badsectorlabs.com
1 2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jul 15
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-07-14
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek ), and...
blog.badsectorlabs.com
3
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jul 14
Ludushound shows the power of community driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff!

specterops.io/blog/2025/07...
LudusHound: Raising BloodHound Attack Paths to Life - SpecterOps
LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing.
specterops.io
1 3
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jul 8
Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).

blog.badsectorlabs.com/last-week-in...
Ludus
The easiest way to deploy testing infrastructure
Ludus.cloud
3
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jul 1
Tons of great content released over the past few weeks. Get caught up with Last Week in Security!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-30
Linux sleep obfs (@k0zmer), sudo vuln (@0xm1rch), self-xss trick (@slonser_), primitive injection (@trickster012), Sitecore RCE (@chudyPB ), and more!
blog.badsectorlabs.com
2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jun 10
This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-09
Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse ...
blog.badsectorlabs.com
1 2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jun 9
@raphaelmudge.bsky.social summed up why we built and released Ludus open source: "Develop technologies that give individual operators and researchers LEVERAGE acting on hypothesis and make it fast to try things, adapt, and modify."

When spinning up ADCS or SCCM is 3 commands, it gives you leverage.
1
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jun 6
Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environ...
2 4
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · Jun 2
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n.bsky.social), Azure Arc C2 (@zephrfish.yxz.red), Obfusk8 (@x86byte), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-06-02
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Azure Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!
blog.badsectorlabs.com
1 2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 27
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-27
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!
blog.badsectorlabs.com
2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 21
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name

If this query hits, you're DA: www.akamai.com/blog/securit...
www.akamai.com
2 4
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 19
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-19
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!
blog.badsectorlabs.com
5
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 15
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:

github.com/badsectorlab...
1 6
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 12
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick.bsky.social), Sword of Secrets (@GiliYankovitch), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-12
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick1), Sword of Secrets (@GiliYankovitch), and more!
blog.badsectorlabs.com
2
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 8
The Ludus range config can get complex - lots of features == lots of options, but VSCode (and Cursor/Windsurf) can help if you add:

# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json

to the top of a yaml, the editor will highlight and explain errors! 🤯
badsectorlabs.com
Bad Sector Labs @badsectorlabs.com · May 6
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-05-05
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!
blog.badsectorlabs.com
2