Bad Sector Labs

555 Followers
113 Following
114 Posts
Weekly Cybersecurity news, techniques, exploits, and tools every Monday at http://blog.badsectorlabs.com

🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2!

Ludus 2 brings:
- 🏘️ Cluster support
- 🌐 Web UI
- πŸ—ΊοΈ Range Blueprints
- 🀝 Better sharing (Users and groups!)
- πŸ—ƒοΈ New backend
- πŸ†” SSO
- πŸ“š Updated docs

Ludus is free and open source, with optional paid plugins to support enterprise use cases. All new features besides the Web UI are available via the API/CLI and are open source, with commercial use permitted.

We want as many people as possible to be able to use Ludus Pro. You can apply for an NFR license to get Pro features free for non-commercial use at http://ludus.cloud

Full quality video: https://youtu.be/swa9k4QxeXA

Come see a preview of the new Web UI for 🏟️Ludus at the Embedded Systems Village. Our mini-workshop walks you through deploying a range and then hacking an emulated IP camera.

Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: https://docs.ludus.cloud/docs/environment-guides/pivot-lab

Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). Adaptix has SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server and client, especially on 🏟️Ludus with our new role:

https://github.com/badsectorlabs/ludus_adaptix_c2

The Ludus range config can get complex (lots of features == lots of options!), but VSCode (and Cursor/Windsurf) can help if you add:

`# yaml-language-server: $schema=https://docs.ludus.cloud/schemas/range-config.json`

to the top of the YAML file; the editor will then highlight and explain errors! 🤯

Got my hands on an unreleased Google DeepMind AI workstation! 🧠💻

jk, but the new 🏟️Ludus 🚫🖐️Anti-Sandbox update allows for full customization of machine values. Make your machines look like whatever you (or your APTs) expect. https://docs.ludus.cloud/docs/enterprise/anti-sandbox

πŸš«πŸ–οΈ Anti-Sandbox | Ludus

Ludus Enterprise can optionally include a plugin that enables the use of the Anti-Sandbox measures.

Step 1: Look cool 😎

🏟 Ludus has a brand new installer powered by Charm.

1.5.0 also adds `depends_on` for roles as well as global roles - opening up complex server/client roles to be deployed in any order!

Install docs have been simplified too - now is the best time to try the free and open source cyber range automation solution https://ludus.cloud!


Crowdstrike never ran the channel update on even a single Windows system before sending it out to every customer?!

"Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production."

I was fully expecting a story of how QA got bypassed and then someone overrode the staged rollout due to a perceived threat. The truth is much worse. There was zero QA of this specific channel file and there is no process for a staged rollout of channel files. Wild!

For reference, this is the CI pipeline for Ludus that must succeed before a release is created. It builds Ludus from a fresh Debian 12 install and tests all functions as an admin, then as a normal user, before finally building a complex range with all the features available in the configuration and checking the resulting range to make sure they all worked.

Kernel Samepage Merging (KSM) is pure magic 🪄. The Linux kernel can scan memory and deduplicate pages that store the same info. Huge savings for hypervisors (http://ludus.cloud). Here I am running 92 VMs (23x router, DC, Win 11, Kali) on a NUC 🤯. Savings really show up when you run many copies of the same VM, like for example, when running lots of CTF target machines for DEF CON... 😉

You've seen the XZ backdoor, but have you gotten hands on with it?

With just a config edit and a deploy, the backdoor and the xzbot tool are set up for you - that's the power of 🏟️ Ludus!

New Flare VM, REMnux, and Commando VM roles/templates dropped too!

https://docs.ludus.cloud/docs/Environment%20Guides/malware-lab/

Shout out to Andres Freund (@AndresFreundTec) who discovered the backdoor and Anthony Weems (@amlweems) for all the hard work to reverse engineer and create xzbot!