CODE WHITE GmbH
@codewhitesec
Red Teaming. Security Research. Continuous Penetration Testing. Threat Intelligence.
Może Ci się spodobać
Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange who loves converting n-days to 0-days code-white.com/blog/wsus-cve-…
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/N…
github.com
GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers
New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
At @codewhitesec we have a red team style hacking challenge each year which is also a great way to practice/test/improve your skills ;)
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudyPB's blog. Don’t blacklist, replace BinaryFormatter.
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…
Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to @CISACyber Details at code-white.com/public-vulnera…
BeanBeat has been aquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking
Think your #kubernetes or #kubelet API is secured with auth? Think again if you expose #tekton for which our crewmember @flomb_ has some nice writeup regarding RCE & proxy risks.
Published my write-up regarding two vulnerabilities in the Tekton Dashboard. blog.flomb.net/posts/tekton/
Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own @frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…
We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓
Teaching the Old .NET Remoting New Exploitation Tricks – read how @mwulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service: code-white.com/blog/teaching-…
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…
Our CODE WHITE crew can see every day how frycos finds what he finds. Now you can too: an instructive insight into his thought process based on his RCE in MS Dynamics - well worth the read if you're into .NET exploitation
My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners. frycos.github.io/vulns4free/202…
United States Trendy
- 1. Cowboys 68.4K posts
- 2. Nick Smith 13.3K posts
- 3. Cardinals 30.5K posts
- 4. Kawhi 4,210 posts
- 5. #WWERaw 61K posts
- 6. #LakeShow 3,426 posts
- 7. Jerry 45.5K posts
- 8. Kyler 8,352 posts
- 9. Blazers 7,793 posts
- 10. Logan Paul 10K posts
- 11. No Luka 3,521 posts
- 12. Jonathan Bailey 20.2K posts
- 13. Jacoby Brissett 5,533 posts
- 14. Pickens 6,670 posts
- 15. Cuomo 173K posts
- 16. Valka 4,707 posts
- 17. Koa Peat 6,244 posts
- 18. Javonte 4,325 posts
- 19. AJ Dybantsa 1,718 posts
- 20. Bronny 15.1K posts
Może Ci się spodobać
-
offensivecon
@offensive_con -
DirectoryRanger
@DirectoryRanger -
MDSec
@MDSecLabs -
SpecterOps
@SpecterOps -
frycos
@frycos -
Orange Tsai 🍊
@orange_8361 -
Arseniy Sharoglazov
@_mohemiv -
PT SWARM
@ptswarm -
Lee Chagolla-Christensen
@tifkin_ -
Florian Hansemann
@CyberWarship -
Sean Metcalf
@PyroTek3 -
Marcello
@byt3bl33d3r -
Markus Wulftange
@mwulftange -
spotheplanet
@spotheplanet -
Adam Chester 🏴☠️
@_xpn_
Something went wrong.
Something went wrong.