Bad Sector Labs

Stop testing in prod (even someone else's)! Are you tired of installing Active Directory on your test VMs for the 100th time? Ever YOLO a binary off GitHub into prod because your testing setup is tedious? I've built a solution: ludus.cloud (1/5)

Consistently seeing Ludus related content in these posts a year and a half after release. Finding Ludus wallpapers or domain names in write ups is really cool. It's great that Ludus is helping push security forward in its little way ☺️

LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more! blog.badsectorlabs.com/last-week-in-s…

🔴 Red and blue teams, this one's for you. 🔵 LudusHound bridges BloodHound Attack Paths with lab automation by creating a functional Active Directory replica testing environment. Read @bagelByt3s blog post for more. ghst.ly/40Ippn1

This is 🔥 🔥 🔥 LESS AND LESS excuses on why you can’t test before YOLOing in your client network. Amazing work Beyviel 👏 @SpecterOps specterops.io/blog/2025/07/1…

Ludushound shows the power of community driven innovation in cybersecurity. @bagelByt3s created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff! specterops.io/blog/2025/07/1…

Few exploit devs consistently impress like @SinSinology. Seems like there isn't a week that goes by that we don't put an unauth-RCE of his in Last Week in Security. Keep crushing it! 👏👏👏

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

Lots of good write ups (like Citrix Bleed 2) but my favorite was seeing how 🏟️ Ludus.cloud helped Cameron Stish of Guidepoint Security find "LoopyTicket" (CVE-2025-33073). blog.badsectorlabs.com/last-week-in-s…

Tons of great content released over the past few weeks. Get caught up with Last Week in Security! blog.badsectorlabs.com/last-week-in-s…

single-threaded event driven sleep obfuscation poc for linux utilizing file descriptors, inspired by "pendulum" from @kyleavery_ github.com/kozmer/silentp…

This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released. blog.badsectorlabs.com/last-week-in-s…

Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environme…

I just spun up Ludus by @badsectorlabs for the first time. Everything just works! It's brought me a great amount of joy! Thank you 😄

Two of the linked posts use 🏟️Ludus.cloud in their PoCs. Why aren't you? It's free, open source, and built to make your life easier.

Our ansible role has been updated to support v0.5 server and client! Enjoy: github.com/badsectorlabs/…

When you see a ludus.cloud wallpaper in the PoC video

BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more! blog.badsectorlabs.com/last-week-in-s…

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name If this query hits, you're in.

Don't miss RedirectThread from @yudasm_, @VakninHai, @cybergentix, and Noam in this edition!

Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server + client, especially on 🏟️Ludus with our new role: github.com/badsectorlabs/…