你可能会喜欢
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/N…
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
At @codewhitesec we have a red team style hacking challenge each year which is also a great way to practice/test/improve your skills ;)
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudyPB's blog. Don’t blacklist, replace BinaryFormatter.
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…
Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to @CISACyber Details at code-white.com/public-vulnera…
BeanBeat has been aquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking
Think your #kubernetes or #kubelet API is secured with auth? Think again if you expose #tekton for which our crewmember @flomb_ has some nice writeup regarding RCE & proxy risks.
Published my write-up regarding two vulnerabilities in the Tekton Dashboard. blog.flomb.net/posts/tekton/
Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own @frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…
We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓
Teaching the Old .NET Remoting New Exploitation Tricks – read how @mwulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service: code-white.com/blog/teaching-…
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…
Our CODE WHITE crew can see every day how frycos finds what he finds. Now you can too: an instructive insight into his thought process based on his RCE in MS Dynamics - well worth the read if you're into .NET exploitation
My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners. frycos.github.io/vulns4free/202…
Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams and disclosed numerous 0days to vendors. Proudly grown from a few motivated hackers in 2014 to an established team of 50+ today 💪
United States 趋势
- 1. D’Angelo 286K posts
- 2. Young Republicans 14K posts
- 3. Pentagon 107K posts
- 4. #PortfolioDay 16.4K posts
- 5. Brown Sugar 20.7K posts
- 6. Politico 166K posts
- 7. Big 12 13.3K posts
- 8. Drew Struzan 28.5K posts
- 9. Scream 5 N/A
- 10. Black Messiah 10.8K posts
- 11. David Bell N/A
- 12. Presidential Medal of Freedom 59.6K posts
- 13. Soybeans 5,228 posts
- 14. Milei 264K posts
- 15. Venables 3,653 posts
- 16. Merino 14.8K posts
- 17. World Cup 337K posts
- 18. Nick Mangold N/A
- 19. Voodoo 21.6K posts
- 20. Baldwin 21K posts
你可能会喜欢
-
DirectoryRanger
@DirectoryRanger -
MDSec
@MDSecLabs -
SpecterOps
@SpecterOps -
frycos
@frycos -
Orange Tsai 🍊
@orange_8361 -
NCC Group Research & Technology
@NCCGroupInfosec -
Arseniy Sharoglazov
@_mohemiv -
PT SWARM
@ptswarm -
Lee Chagolla-Christensen
@tifkin_ -
Florian Hansemann
@CyberWarship -
Sean Metcalf
@PyroTek3 -
Marcello
@byt3bl33d3r -
Markus Wulftange
@mwulftange -
spotheplanet
@spotheplanet -
Adam Chester 🏴☠️
@_xpn_
Something went wrong.
Something went wrong.