codewhitesec.bsky.social
@codewhitesec.bsky.social
📤 69
📥 13
📝 12
Red Teaming. Security Research. Continuous Penetration Testing. Threat Intelligence.
Highly recommend the writeup from our @fl0mb.bsky.social and congrats on this well-deserved achievement!
about 1 month ago
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165
code-white.com/blog/2026-01...
CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive
NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...
https://code-white.com/blog/2026-01-nsm-rce/
about 2 months ago
Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at apply-if-you-can.com/walkthrough/... and revisit the hacks that escalated from cold brew to full breach.
CODE WHITE - Applicants Challenge
Applicants Challenge! Face real-world vulns, earn trophies, First Bloods & epic swag!
https://apply-if-you-can.com/walkthrough/2024
3 months ago
Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange.bsky.social who loves converting n-days to 0-days
code-white.com/blog/wsus-cv...
CODE WHITE | A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS
How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of Oct...
https://code-white.com/blog/wsus-cve-2025-59287-analysis/
5 months ago
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
6 months ago
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
FAUST CTF 2025 | FAUST CTF 2025
FAUST CTF 2025 is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg
https://2025.faustctf.net/
7 months ago
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through.
github.com/codewhitesec...
GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers
New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks
https://github.com/codewhitesec/NewRemotingTricks
8 months ago
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange.bsky.social
8 months ago
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti
code-white.com/blog/ivanti-...
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM
Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...
https://code-white.com/blog/ivanti-desktop-and-server-management/
10 months ago
reposted by codewhitesec.bsky.social
Flomb
12 months ago
blog.flomb.net/posts/ingres...
Exploiting IngressNightmare: A Deep Dive
Wiz recently discovered an unauthenticated remote code execution (RCE) vulnerability in the Ingress NGINX admission controller. I found the exploit chain particularly intriguing and decided to recreat...
https://blog.flomb.net/posts/ingressnightmare/
Our crew members @mwulftange.bsky.social & @frycos.bsky.social discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after @sinsinology.bsky.social & @chudypb.bsky.social's blog. Replace BinaryFormatter!
12 months ago
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-)
apply-if-you-can.com/walkthrough/...
Walkthrough 2023
https://apply-if-you-can.com/walkthrough/2023/
about 1 year ago