 
CODE WHITE GmbH
@codewhitesec
Red Teaming. Security Research. Continuous Penetration Testing. Threat Intelligence.
Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange who loves converting n-days to 0-days code-white.com/blog/wsus-cve-…
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
 
Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan
 
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/N…
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
At @codewhitesec we have a red team style hacking challenge each year which is also a great way to practice/test/improve your skills ;)
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudyPB's blog. Don’t blacklist, replace BinaryFormatter.
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…
Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to @CISACyber Details at code-white.com/public-vulnera…
BeanBeat has been acquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking
Think your #kubernetes or #kubelet API is secured with auth? Think again if you expose #tekton for which our crewmember @flomb_ has some nice writeup regarding RCE & proxy risks.
Published my write-up regarding two vulnerabilities in the Tekton Dashboard. blog.flomb.net/posts/tekton/
Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own @frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…
We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓
Teaching the Old .NET Remoting New Exploitation Tricks – read how @mwulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service: code-white.com/blog/teaching-…
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…
Our CODE WHITE crew can see every day how frycos finds what he finds. Now you can too: an instructive insight into his thought process based on his RCE in MS Dynamics - well worth the read if you're into .NET exploitation
My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners. frycos.github.io/vulns4free/202…