Bad Sector Labs

Weekly Cybersecurity news, techniques, exploits, and tools every Monday at blog.badsectorlabs.com

2025-07-08

Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).

blog.badsectorlabs.com/last-we

2025-07-01

Tons of great content released over the past few weeks. Get caught up with Last Week in Security!

blog.badsectorlabs.com/last-we

2025-06-10

This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.

blog.badsectorlabs.com/last-we

2025-06-06

Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environm

2025-06-02

Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!

blog.badsectorlabs.com/last-we

2025-05-27

BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!

blog.badsectorlabs.com/last-we

2025-05-21

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1.name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2.name IN dcs) RETURN c2.name

If this query hits, you're DA: akamai.com/blog/security-resea

2025-05-19

Certipy 5 (@ly4k_), MobileIron pwnage (@chudypb), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!

blog.badsectorlabs.com/last-we

2025-05-15

Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:

github.com/badsectorlabs/ludus

2025-05-12

SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@bryce), Sword of Secrets (@GiliYankovitch), and more!

blog.badsectorlabs.com/last-we

2025-05-08

The Ludus range config can get complex (lots of features == lots of options!), but VSCode (and Cursor/Windsurf) can help if you add:

# yaml-language-server: $schema=docs.ludus.cloud/schemas/range

to the top of a yaml, the editor will highlight and explain errors! 🤯

2025-05-06

ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!

blog.badsectorlabs.com/last-we

2025-05-02

Got my hands on an unreleased Google DeepMind AI workstation! 🧠💻

jk, but the new 🏟️Ludus 🚫🏖️Anti-Sandbox update allows for full customization of machine values. Make your machines look like whatever you (or your APTs) expect. docs.ludus.cloud/docs/enterpri

2025-04-29

Survive the RSA noise by focusing on the technical, with Last Week in Security!

blog.badsectorlabs.com/last-we

2025-04-22

Go beyond the CVE drama; lots of good technical content from last week: blog.badsectorlabs.com/last-we

2025-04-15

WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!

blog.badsectorlabs.com/last-we

2025-03-25

Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudypb), ArgFuscator (@wietze), and more!

blog.badsectorlabs.com/last-we

2025-03-22

📢 🏟️ Ludus 1.9.2 is now available! New features include:
✅ Install Linux packages easily from range config
✅ Control Wireguard subnet traffic with custom network rules
✅ Fixed domain joining for non-English Windows and more!

Full changelog: gitlab.com/badsectorlabs/ludus

2025-03-18

Evilginx Pro (@mrgretzky), Pre-auth RCE in a CMS (@chudypb), GOAD ADCS (@M4yFly), YouTube email disclosure (@brutecat), SAML parser bug (@ulldma), and more!

blog.badsectorlabs.com/last-we

2025-03-14

Excited to announce 🏟️Ludus 1.9.0 now with arbitrary snapshot support! See the docs: docs.ludus.cloud/docs/snapshots
We've added documentation for deploy tags as well.
1.9.0 also includes:
- Disable Windows Defender via GPO
- Better VM validation
- Chrome/Edge FRE disabled
- Much more!
