CODE WHITE GmbH
@codewhitesec
Red Teaming. Security Research. Continuous Penetration Testing. Threat Intelligence.
You might like
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/N…
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
At @codewhitesec we have a red team style hacking challenge each year which is also a great way to practice/test/improve your skills ;)
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudyPB's blog. Don’t blacklist, replace BinaryFormatter.
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…
Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to @CISACyber Details at code-white.com/public-vulnera…
BeanBeat has been aquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking
Think your #kubernetes or #kubelet API is secured with auth? Think again if you expose #tekton for which our crewmember @flomb_ has some nice writeup regarding RCE & proxy risks.
Published my write-up regarding two vulnerabilities in the Tekton Dashboard. blog.flomb.net/posts/tekton/
Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own @frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…
We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓
Teaching the Old .NET Remoting New Exploitation Tricks – read how @mwulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service: code-white.com/blog/teaching-…
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…
Our CODE WHITE crew can see every day how frycos finds what he finds. Now you can too: an instructive insight into his thought process based on his RCE in MS Dynamics - well worth the read if you're into .NET exploitation
My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners. frycos.github.io/vulns4free/202…
Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams and disclosed numerous 0days to vendors. Proudly grown from a few motivated hackers in 2014 to an established team of 50+ today 💪
United States Trends
- 1. Gabe Vincent 3,203 posts
- 2. #AEWDynamite 17.6K posts
- 3. Deport Harry Sisson 6,238 posts
- 4. #VSFashionShow 532K posts
- 5. Angel Reese 46.8K posts
- 6. #Blackhawks 1,917 posts
- 7. #stlblues 1,750 posts
- 8. tzuyu 215K posts
- 9. #youtubedown 16.1K posts
- 10. Hofer 1,735 posts
- 11. Deloitte 4,814 posts
- 12. Quen 29.8K posts
- 13. George Kirby 2,316 posts
- 14. Suarez 17.8K posts
- 15. jihyo 173K posts
- 16. Darby 5,067 posts
- 17. DuPont 1,469 posts
- 18. Nazar 6,438 posts
- 19. Victoria's Secret 523K posts
- 20. Birdman 4,791 posts
You might like
-
DirectoryRanger
@DirectoryRanger -
MDSec
@MDSecLabs -
SpecterOps
@SpecterOps -
frycos
@frycos -
Orange Tsai 🍊
@orange_8361 -
NCC Group Research & Technology
@NCCGroupInfosec -
Arseniy Sharoglazov
@_mohemiv -
PT SWARM
@ptswarm -
Lee Chagolla-Christensen
@tifkin_ -
Florian Hansemann
@CyberWarship -
Sean Metcalf
@PyroTek3 -
Marcello
@byt3bl33d3r -
Markus Wulftange
@mwulftange -
spotheplanet
@spotheplanet -
Adam Chester 🏴☠️
@_xpn_
Something went wrong.
Something went wrong.