🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Come hack an emulated ARM-based camera running in Ludus at DEF CON’s EmbeddedSystemsVillage! Look for the colosseum full of LEDs 🏟️💡

Dropped a new tool at DEF CON 32! Loot SCCM Distribution points via HTTP with github.com/badsectorlabs/… We've found credentials, certificates, custom apps, keystores, etc. What will you find?

And check out the PR for NTLM relaying to SCCM DP. 😬 github.com/fortra/impacke…

👏🎉 check it out!

TLDR - they’re losing money from Uncle Sam so they’re doing what everyone else does. Pay your taxes folks!

D'oh, so you leaked your AWS credentials 🤦‍♂️ Does it matter 𝐰𝐡𝐞𝐫𝐞? It turns out there's a HUGE difference in how fast attackers will find them. Idan Ben Ari deployed canary tokens (fake AWS credentials) using Thinkst Canary to a number of different locations and analyzed:

The Record From Recorded Future News tl;dr it's cool and badass when your car parses your conversations to determine vehicle passengers, passengers name, locations, traveling speed, objects of interest around them, road conditions, traffic, etc. then sells it to advertisers and data collection groups

🥹💯

I just released a tailscale deploy/remove role for Bad Sector Labs Ludus. Thank you to Chihuahua in charge NotMe for all the testing. Please let me know if you encounter any bugs or if you have any ideas for improvement. Feel free to submit a PR. github.com/NocteDefensor/… #Ludus #Tailscale

MSSQL domain privesc (Scott Sutherland), .mobi whois takeover (watchTowr), LLM CTF (Bishop Fox), mac filesystem 🪄 (Gergely Kalman), and more! blog.badsectorlabs.com/last-week-in-s…

🤣🤣🤣

Sick! 🔥

I’m building incredibly in-depth course work for Command and Control operations as well as detection engineering. This is NOT entry level. Live instruction + lifetime access to materials. Until it launches, once a week I will give away access to someone who retweets and follows

Last week, we asked Devin to make a change. It added an event on the banner component mount, which caused 6.6M PostHog events in one week, which will cost us $733 Devin cost $500 + $733 = $1273 😢👍 Lesson - Review AI-generated code multiple times

First LWiS of 2025! Check it out every week.

Happy to see that frack113 added an Ansible role for our Aurora agent in Ludus Ludus docs.ludus.cloud Ludus Roles docs.ludus.cloud/docs/roles/#lu… github.com/frack113/ludus… Aurora Agent (free) nextron-systems.com/aurora/

2 weeks worth of news, techniques, tools and exploits! blog.badsectorlabs.com/last-week-in-s…

WinRMS relay (Aurélien Chalot), plaintext Zip attacks (pfiatde), SQL Server Crypto deep dive (Adam Chester 🏴‍☠️), and more! blog.badsectorlabs.com/last-week-in-s…

Cobalt Strike for free!? Adaptix C2 (HackerRalf) is the best open source C2 I've used since Havoc (5pider). SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server + client, especially on 🏟️Ludus with our new role: github.com/badsectorlabs/…

This week's edition is packed full of great techniques and tools! One of the longest posts we've done; there's so much cool stuff being released. blog.badsectorlabs.com/last-week-in-s…