Bad Sector Labs (@badsectorlabs)'s Twitter Profile
Bad Sector Labs

@badsectorlabs

Cybersecurity news, techniques, exploits, and tools every week at https://t.co/UgKmeEEjIV 🐘 @[email protected]

ID:416718790

https://blog.badsectorlabs.com 20-11-2011 02:01:37

728 Tweets

6,2K Followers

440 Following

Bad Sector Labs (@badsectorlabs)

User readable /sys/kernel/notes exposed the address of xen_startup, effectively breaking kernel address space layout randomization (KASLR) for local privilege escalation exploits (or any exploit with file read ability) for the entire history of KASLR… 😬

Bad Sector Labs (@badsectorlabs)

The 'Kobold letters' entry under Techniques and Write-ups is going to be gold for bespoke phishing campaigns.

blog.badsectorlabs.com/last-week-in-s…

S4ntiagoP (@s4ntiago_p)

Got some free time and added a requested feature to NoConsolation.
Now binaries are automatically encrypted and stored in memory, so they don't need to be sent each time. Have fun!
github.com/fortra/No-Cons…

blasty (@bl4sty)

the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n

Bad Sector Labs (@badsectorlabs)

Fully agree! I ran raspberry pis with pwnable.kr challenges on them for soldiers when I was in the army, but now there is ludus.cloud which makes complex labs accessible to everyone!

Kuba Gretzky (@mrgretzky)

Evilginx 💗 Gophish

The long-awaited official integration of Evilginx with Gophish has finally arrived with the Evilginx 3.3 update. 🍪🐟

The update includes lots of quality-of-life improvements as well.

Enjoy and happy phishing! 🤗
breakdev.org/evilginx-3-3-g…

Bad Sector Labs (@badsectorlabs)

Laser focused on the XZ backdoor 🐧🚪 from last week? Come check out all the other stuff you missed including the best Linux LPE since DirtyCOW.

Alberto kept the news flowing while I worked on ludus.cloud 1.3.0.

blog.badsectorlabs.com/last-week-in-s…

Bad Sector Labs (@badsectorlabs)

What's better than 🏟️Ludus? Ludus with friends 🤝! Range sharing just dropped in Ludus 1.3.0 (no joke).

Set up a range and let others access it or set up lots of ranges for yourself and switch between them seamlessly.

Free and open source 🤟

docs.ludus.cloud/docs/sharing

Lau (@notselwyn)

Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵

pwning.tech/nftables
