🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The specter of .NET Remoting haunts unsuspecting ASP. NET applications even today, whispering valid ObjRefs to those who dare listen. Dive into our latest post to see how these apparitions can lead to remote code execution: code-white.com/blog/leaking-o…

Struggeling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? Tobias Neitzel has you covered and added functionality to use DCOM instead of good old RPC #redteaming github.com/ly4k/Certipy/p…

Still interested in leaking & exploiting ObjRefs in .NET Remoting? Have fun with our test bench, example p(l)ayloads and exploit script over at github.com/codewhitesec/H…

After reassessment by Security Response, this is now tracked as CVE-2024-29059.

Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams and disclosed numerous 0days to vendors. Proudly grown from a few motivated hackers in 2014 to an established team of 50+ today 💪

Our CODE WHITE crew can see every day how frycos finds what he finds. Now you can too: an instructive insight into his thought process based on his RCE in MS Dynamics - well worth the read if you're into .NET exploitation

Another product, another deserialization vulnerability, another RCE from Markus Wulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…

Teaching the Old .NET Remoting New Exploitation Tricks – read how Markus Wulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service: code-white.com/blog/teaching-…

We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓

Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…

Think your #kubernetes or #kubelet API is secured with auth? Think again if you expose #tekton for which our crewmember flomb - @fl0mb.bsky.social has some nice writeup regarding RCE & proxy risks.

BeanBeat has been aquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking

Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs Markus Wulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to CISA Cyber Details at code-white.com/public-vulnera…

I hacked Bean Beat and also Kurt's Maultaschenfabrikle again! Was Domain Admin for many weeks and eventually #roasted their virtualization infra 🤪 Thanks for the swag and for the challenges CODE WHITE GmbH and dhn! 👍 Looking forward to next year's #aiyc. #roasted #pwned

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…

Our crew members Markus Wulftange & frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following SinSinology & Piotr Bazydło's blog. Don’t blacklist, replace BinaryFormatter.

blog.flomb.net/posts/ingressn…

At CODE WHITE GmbH we have a red team style hacking challenge each year which is also a great way to practice/test/improve your skills ;)

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…