Ever wanted to transfer a file quick and easy from A to B and have a few features at hand like self-signed certificate, basic auth, ... Then checkout my repository at github.com/patrickhener/g… and be sure to leave a star if you use and like it.

Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams and disclosed numerous 0days to vendors. Proudly grown from a few motivated hackers in 2014 to an established team of 50+ today 💪

Another product, another deserialization vulnerability, another RCE from Markus Wulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…

Have you used goshs.de before? No? Then give it a try. Now it is even easier to install. If you are using kali linux, from now on you can just "apt install goshs" 😃 Go ahead and try it. Don't forget to leave a ⭐️ on github.com/patrickhener/g… if you like it.

Blogpost coming soon!

Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…

BeanBeat has been aquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…

Our crew members Markus Wulftange & frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following SinSinology & Piotr Bazydło's blog. Don’t blacklist, replace BinaryFormatter.

Swissky Goshs github.com/patrickhener/G… is currently my favorite Updog alternative

Check out goshs. This project is awesome! 🔥🔥🔥🔥 Think of simpleHTTP server from python, but now with file listing, file upload, a temporary clipboard for sharing anything from your victim machine. It even has a cool interface, and dark mode 😎 github.com/patrickhener/g…

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…

Here is a short writeup for my recently discovered CVE: hesec.de/posts/cve-2025…

goshs: A simplehttpserver written in go, enhanced with features. producthunt.com/products/goshs… via @producthunt

reddit.com/r/ooni/comment… Ooni Could use some help here.

I once again did it. Hack The Box accepted my box submission for an insane Linux box. Be sure to play it and have some fun. I am looking forward to feedback. Cheers ✌🏼

Be sure to check out cobblestone. My first ever "insane" rated box.

Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan

Just sayin‘ 🤷

Justin Elze big fan of goshs for this type of stuff github.com/patrickhener/g…