codewhitesec.bsky.social
@codewhitesec.bsky.social
📤 65
📥 12
📝 10
Red Teaming. Security Research. Continuous Penetration Testing. Threat Intelligence.
Our 2024 applicants challenge is officially
#roasted
: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at
apply-if-you-can.com/walkthrough/...
and revisit the hacks that escalated from cold brew to full breach.
loading . . .
CODE WHITE - Applicants Challenge
Applicants Challenge! Face real-world vulns, earn trophies, First Bloods & epic swag!
https://apply-if-you-can.com/walkthrough/2024
about 1 month ago
0
6
6
Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own
@mwulftange.bsky.social
who loves converting n-days to 0-days
code-white.com/blog/wsus-cv...
loading . . .
CODE WHITE | A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS
How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of Oct...
https://code-white.com/blog/wsus-cve-2025-59287-analysis/
3 months ago
0
8
7
CODE WHITE proudly presents
#ULMageddon
which is our newest applicants challenge at
apply-if-you-can.com
packaged as a metal festival. Have fun 🤘 and
#applyIfYouCan
4 months ago
0
6
8
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at
2025.faustctf.net
loading . . .
FAUST CTF 2025 | FAUST CTF 2025
FAUST CTF 2025 is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg
https://2025.faustctf.net/
5 months ago
0
7
6
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through.
github.com/codewhitesec...
loading . . .
GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers
New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks
https://github.com/codewhitesec/NewRemotingTricks
5 months ago
0
4
5
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at
#Pwn2Own
Berlin 2025, it's really just one request! Kudos to
@mwulftange.bsky.social
6 months ago
1
4
7
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it.
#DSM
#Ivanti
code-white.com/blog/ivanti-...
loading . . .
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM
Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...
https://code-white.com/blog/ivanti-desktop-and-server-management/
8 months ago
0
8
9
reposted by
codewhitesec.bsky.social
Flomb
10 months ago
blog.flomb.net/posts/ingres...
loading . . .
Exploiting IngressNightmare: A Deep Dive
Wiz recently discovered an unauthenticated remote code execution (RCE) vulnerability in the Ingress NGINX admission controller. I found the exploit chain particularly intriguing and decided to recreat...
https://blog.flomb.net/posts/ingressnightmare/
0
5
3
Our crew members
@mwulftange.bsky.social
&
@frycos.bsky.social
discovered & responsibly disclosed several new RCE gadgets that bypass
#Veeam
's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after
@sinsinology.bsky.social
&
@chudypb.bsky.social
's blog. Replace BinaryFormatter!
10 months ago
0
9
8
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-)
apply-if-you-can.com/walkthrough/...
loading . . .
Walkthrough 2023
https://apply-if-you-can.com/walkthrough/2023/
11 months ago
0
7
10
you reached the end!!
feeds!
log in
