Last Week in Security (LWiS) - 2026-03-30 🏟️❤️🤖 Ludus MCP/Skills (@badsectorlabs), Grapefruit 📱 security suite (@CodeColorist), 2 Citrix NetScaler posts (@AlizTheHax0r + @_mccaulay), 🔒 BIOS bypass (@craigsblackie), and more!

🏟️❤️🤖 Ludus MCP/Skills (@badsectorlabs), Grapefruit 📱 security suite (@CodeColorist), 2 Citrix NetScaler posts (@AlizTheHax0r + @_mccaulay), 🔒 BIOS bypass (@craigsblackie), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2026-03-24 The FCC bans all new foreign routers, Delve was a compliance as a service scam, ForceHound, VMKatz, and more!

The FCC bans all new foreign routers, Delve was a compliance as a service scam, ForceHound, VMKatz, and more!

blog.badsectorlabs.com/last-week-in...

Ludus The easiest way to deploy cybersecurity infrastructure

We want as many people as possible to be able to use Ludus Pro. You can apply for an NFR license to get Pro features free for non-commercial use at ludus.cloud

Full quality video: youtu.be/swa9k4QxeXA

Ludus is free an open source, with optional paid plugins to support enterprise use cases. All new features besides the Web UI are available via the API/CLI and open source, commercial use permitted.

Ludus 2 brings:
- 🏘️ Cluster support
- 🌐 Web UI
- 🗺️ Range Blueprints
- 🤝 Better sharing (Users and groups!)
- 🗃️ New backend
- 🆔 SSO
- 📚 Updated docs

🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)

Last Week in Security (LWiS) - 2026-03-09 Ludus 2 (@badsectorlabs), new GOAD lab (@M4yFly), 🍪 hack (@XeEaton), DPAPI + Nemesis (@harmj0y + @tifkin_), iOS exploit kit found (@Mandiant), and more!

Ludus 2 (@badsectorlabs), new GOAD lab (@M4yFly), 🍪 hack (@XeEaton), DPAPI + Nemesis (@harmj0y + @tifkin_), iOS exploit kit found (@Mandiant), and more!

blog.badsectorlabs.com/last-week-in...

We try hard to do this with Ludus. We've gotten huge value from the Ludus Discord and watching what people struggle with or have to fight to get to work and that makes us try to solve that issue in Ludus itself.

It's a balance of not adding every little feature though, so there is art to it.

A scalpel, a hammer, and a foot gun Last month, I released a Yara signature generator for Crystal Palace. AKA, an invariant content observation tool. I then used the feature to document the physics of various content-signature parame…

A Scalpel, A Hammer, and a Foot Gun

aff-wg.org/2026/03/03/a...

Last Week in Security (LWiS) - 2026-03-02 SolarWinds RCE (@chudyPB), Windows 11 Recall-based LPE (@filip_dragovic), Robot RCEs (@olivier_boschko + @ruikai), EDR as a RAT (@p0w1_), and more!

SolarWinds RCE (@chudyPB), Windows 11 Recall-based LPE (@filip_dragovic), Robot RCEs (@olivier_boschko + @ruikai), EDR as a RAT (@p0w1_), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2026-02-23 Firefox RCE (@kqx_io), Havoc Professional (@C5pider + @0xC4RN4GE + @avx128), afd.sys UAF (@Dark_Puzzle + @Bad_Jubies), macOS JIT abuse (@kyleavery), AEMonitor (@__pberba__), and more!

Firefox RCE (@kqx_io), Havoc Professional (@C5pider + @0xC4RN4GE + @avx128), afd.sys UAF (@Dark_Puzzle + @Bad_Jubies), macOS JIT abuse (@kyleavery), AEMonitor (@__pberba__), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2026-02-16 SharePoint enumeration (@matthiasdeeg), LNK

SharePoint enumeration (@matthiasdeeg), LNK "0days" (@Wietze), AMD driver LPE (@Bad_Jubies), POSTing to superadmin (@XeEaton), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2026-02-09

"Negative-day" discovery (@spaceraccoonsec), Exploit gen with LLMs (@seanhn), Harmony LPE (@johnnyspandex + @buffaloverflow), NetSupport Manager RCE (@0xor_solo), Azure blob C2 (@KingOfTheNOPs + @senderend) and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2026-01-12 SmarterMail Pre-auth RCE (@chudyPB + @SinSinology), Claude Code code execution (@ryotkak), VSS create (@RicardoJoseRF ), EDRStartupHinder (@TwoSevenOneT), and more!

SmarterMail Pre-auth RCE (@chudyPB + @SinSinology), Claude Code code execution (@ryotkak), VSS create (@RicardoJoseRF ), EDRStartupHinder (@TwoSevenOneT), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2026-01-05 Windows ARM64 internals (@33y0re), VEH^2 PoC (@0xfluxsec), macOS 26 TCC bypass (@patch1t), BOFs with Crystal Palace (@_RastaMouse), Flare-On 2025 write-ups (@washi_dev), and more!

Start your 2026 off with 3 weeks of news, techniques, write-ups, and exploits!

blog.badsectorlabs.com/last-week-in...

Bad Sector Labs Blog Weekly Cybersecurity news, techniques, exploits, and tools every Monday

You can always read the most recent edition at blog.badsectorlabs.com

See you in 2026! 🎉

Thanks to the community for sharing your work!

Follow along on 🦋 Bluesky (@badsectorlabs.com), 🐘 Mastodon (@badsectorlabs@infosec.exchange), sign up for the email newsletter at subscribe.badsectorlabs.com/subscription...,
or subscribe to the RSS feed at blog.badsectorlabs.com/feeds/all.at...

We published 44 editions of Last Week in Security in 2025, the best free technical cybersecurity newsletter.

We sifted through the noise (without AI!) to deliver:
📰 179 News Stories
🧠 407 Techniques & Write-ups
🛠️ 438 Tools & Exploits
👀 51 New X Accounts & 37 New Blogs followed

Last Week in Security (LWiS) - 2025-12-08 SCOM lab (@synzack21), WatchGuard RCE (@_mccaulay), Clickjacking with SVGs (@rebane2001), macOS LPE (@theevilbit), a new private phone company (@nickcalyx + @phreeli), Proxmox tradecraft (@ZephrFish) ...

SCOM lab (@synzack21), WatchGuard RCE (@_mccaulay), Clickjacking with SVGs (@rebane2001), macOS LPE (@theevilbit), a new private phone company (@nickcalyx + @phreeli), Proxmox tradecraft (@ZephrFish) and more!

blog.badsectorlabs.com/last-week-in...

Git SCOMmit - Putting the Ops in OpsMgr - SpecterOps Yet another System Center Ludus configuration for your collection. https://github.com/Synzack/ludus_scom

SCOM is one of the most deployed, but least researched, System Center products.

Zach Stein breaks down how it works + how to build a lab to test new tradecraft. ghst.ly/3Ymzfcw

Last Week in Security (LWiS) - 2025-11-10 Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!

Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2025-10-06 WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!

WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2025-09-15 FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!

FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2025-09-08 Metamorphic compilation (@tijme), Windows Secure Calls (@33y0re), macOS race condition exploit (@patch1t), NTLM relaying (@elad_shamir), iOS zero-click RE (@quarkslab), and more!

Sure, a bunch of NPM packages got backdoor'd (again), but don't miss the great research and tools released last week! blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2025-08-25 WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!

Lots of tooling around the new Bloodhound "OpenGraph" standard this week including vCenterHound from
@m0rd4vid and the bhopengraph library from
@podalirius_.

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2025-08-18 DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS....

DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS.DIT (@MGrafnetter), and more!

blog.badsectorlabs.com/last-week-in...

Come see a preview of the new Web UI for 🏟️Ludus at the Embedded Systems Village. Our mini-workshop walks you through deploying a range and then hacking an emulated IP camera.

In Vegas for hacker summer camp and trying to get food without breaking the bank? I vibed a simple map site: defconfood.badsectorlabs.com

Come see Ludus at the embedded Systems Village - hack an IP camera, see the new UI, and get a sticker!

Last Week in Security (LWiS) - 2025-08-04 AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!

Last LWIS before DEF CON. Come see us in the Embedded Systems Village where we have a mini-workshop hosting an emulated camera on Ludus for you to hack!

blog.badsectorlabs.com/last-week-in...

Last Week in Security (LWiS) - 2025-07-28 VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

blog.badsectorlabs.com/last-week-in...