Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-07-07.html
Weekly Cybersecurity news, techniques, exploits, and tools every Monday at http://blog.badsectorlabs.com
Tons of great content released over the past few weeks. Get caught up with Last Week in Security!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-06-30.html
This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released.
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-06-09.html
Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: https://docs.ludus.cloud/docs/environment-guides/pivot-lab
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-06-02.html
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-05-27.html
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS dcs
MATCH (c2:Computer)
WHERE c2.enabled = true AND (c2.operatingsystem CONTAINS '2025') AND (c2.name IN dcs)
RETURN c2.name
If this query hits, you're DA: https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Certipy 5 (@ly4k_), MobileIron pwnage (@chudypb), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-05-19.html
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@bryce), Sword of Secrets (@GiliYankovitch), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-05-12.html
The Ludus range config can get complex (lots of features == lots of options!), but VSCode (and Cursor/Windsurf) can help if you add:
# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json
to the top of a yaml, the editor will highlight and explain errors! 🤯
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-05-05.html
Got my hands on an unreleased Google DeepMind AI workstation! 🧠💻
jk, but the new 🏟️Ludus 🚫🏖️Anti-Sandbox update allows for full customization of machine values. Make your machines look like whatever you (or your APTs) expect. https://docs.ludus.cloud/docs/enterprise/anti-sandbox
Survive the RSA noise by focusing on the technical, with Last Week in Security!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-04-28.html
Go beyond the CVE drama; lots of good technical content from last week: https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-04-21.html
WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-04-14.html
Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudypb), ArgFuscator (@wietze), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-03-24.html
📢 🏟️ Ludus 1.9.2 is now available! New features include:
✅ Install Linux packages easily from range config
✅ Control WireGuard subnet traffic with custom network rules
✅ Fixed domain joining for non-English Windows and more!
Full changelog: https://gitlab.com/badsectorlabs/ludus/-/releases/1.9.2#changelog
Evilginx Pro (@mrgretzky), Pre-auth RCE in a CMS (@chudypb), GOAD ADCS (@M4yFly), YouTube email disclosure (@brutecat), SAML parser bug (@ulldma), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-03-17.html
Excited to announce 🏟️Ludus 1.9.0 now with arbitrary snapshot support! See the docs: https://docs.ludus.cloud/docs/snapshots
We've added documentation for deploy tags as well.
1.9.0 also includes:
- Disable Windows Defender via GPO
- Better VM validation
- Chrome/Edge FRE disabled
- Much more!