
Bad Sector Labs
@badsectorlabs
Cybersecurity news, techniques, exploits, and tools every week at https://t.co/UgKmeEEjIV 🐘 @[email protected]
Joined November 2011
Stop testing in prod (even someone else's)! Are you tired of installing Active Directory on your test VMs for the 100th time? Ever YOLO a binary off GitHub into prod because your testing setup is tedious? I've built a solution: .(1/5)
ludus.cloud
The easiest way to deploy testing infrastructure
RT @evilsocket: Legba v1.1.0 is out! 🥳This is a major release that required a significant amount of (human) effort, bringing several key im….
There are a ton of new 🛠️ tools ⚒️ in this post and I'm sure we missed a ton more. Let us know if your favorite was left out so we can include it next week in the "New to me" section!
blog.badsectorlabs.com
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing...
Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!
blog.badsectorlabs.com
AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!
RT @curi0usJack: Created two new ansible roles for @badsectorlabs's Ludus that enable ASR rules and create/link the recommended audit GPOs….
github.com
Ludus roles to deploy ASR rules and MDI auditing settings - curi0usJack/Ludus-MDE-MDI-Roles
Published LWiS just as the "upload a PNG to a live bird" story broke, so it didn't make it in sadly. 🐦‍⬛🤯 Here it is though:
tomshardware.com
Who needs Starlink when you've got an actual starling
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), and more!
RT @Infosecpat: I been working on GOAD. I installed @badsectorlabs Ludus and loving it. This will be fun and making videos soon on my new j….
RT @__Mastadon: I've recently released an MCP server for controlling your #Ludus lab or making range config files using natural language wi….
github.com
Contribute to NocteDefensor/LudusMCP development by creating an account on GitHub.
Consistently seeing Ludus related content in these posts a year and a half after release. Finding Ludus wallpapers or domain names in write ups is really cool. It's great that Ludus is helping push security forward in its little way ☺️.
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), and more!
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!
blog.badsectorlabs.com
RT @SpecterOps: 🔴 Red and blue teams, this one's for you. 🔵. LudusHound bridges BloodHound Attack Paths with lab automation by creating a f….
RT @__ar0d__: This is 🔥 🔥 🔥 . LESS AND LESS excuses on why you can’t test before YOLOing in your client network. Amazing work Beyviel 👏 . @….
specterops.io
LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing.
LudusHound shows the power of community driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert BloodHound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff!
specterops.io
Few exploit devs consistently impress like @SinSinology. Seems like there isn't a week that goes by that we don't put an unauth-RCE of his in Last Week in Security. Keep crushing it! 👏👏👏
Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073).
blog.badsectorlabs.com
Lenovo Applocker bypass (@Oddvarmoe), Citrix Bleed 2 (@SinSinology, @inkmoro, Aliz Hammond), A+ adversary simulation (@quarkslab), DreamWalkers loader (@max2cbx), SigStrike (@rushter), and more!
Tons of great content released over the past few weeks. Get caught up with Last Week in Security!
blog.badsectorlabs.com
Linux sleep obfs (@k0zmer), sudo vuln (@0xm1rch), self-xss trick (@slonser_), primitive injection (@trickster012), Sitecore RCE (@chudyPB), and more!
RT @k0zmer: single-threaded event driven sleep obfuscation poc for linux utilizing file descriptors, inspired by "pendulum" from @kyleavery….
github.com
single-threaded event driven sleep obfuscation poc for linux - kozmer/silentpulse