CODE WHITE GmbH

Red Teaming. Security Research. Penetration Testing. Threat Intelligence.

2025-05-13

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-des

CODE WHITE GmbH boosted:
2025-03-28

I'm getting confused keeping count of them, but we're almost at the double-digit mark! 😅
From: @codewhitesec
infosec.exchange/@codewhitesec

2025-03-28

Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb's blog. Don’t blacklist - replace BinaryFormatter.

2025-02-21

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrou

2024-10-10

@screaminggoat @SophosXOps @frycos We went public with it on our vuln list back on 2024-09-04 after Veeam released their security bulletin. And we did a toot here infosec.exchange/@codewhitesec but, on purpose, did not release any technical details as these vulns tend to be exploited by threat actors very fast, unfortunately.

2024-10-10

Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to #CISA. Details at code-white.com/public-vulnerab

2024-10-07

BeanBeat has been acquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking

2024-09-05

Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own @frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnerab

2024-08-22

We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓

2024-07-31

Teaching the Old .NET Remoting New Exploitation Tricks – read how @mwulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service: code-white.com/blog/teaching-t

2024-07-26

Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnerab

CODE WHITE GmbH boosted:
2024-07-10

My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners.

frycos.github.io/vulns4free/20

2024-05-08

Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams, and disclosed numerous 0days to vendors. From a few motivated hackers in 2014 to an established team of 50+ today, we continuously safeguard enterprise clients with our Security Intelligence Service and are proud to make a difference 💪 #FinestHacking #PWNage

2024-03-20

Still interested in leaking & exploiting ObjRefs in .NET Remoting? Have fun with our test bench, example p(l)ayloads and exploit script over at github.com/codewhitesec/HttpRe

2024-03-01

Struggling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? @qtc has you covered and added functionality to use DCOM instead of good old RPC #redteaming github.com/ly4k/Certipy/pull/2

2024-02-27

The specter of .NET Remoting haunts unsuspecting ASP.NET applications even today, whispering valid ObjRefs to those who dare listen. Dive into our latest post to see how these apparitions can lead to remote code execution: code-white.com/blog/leaking-ob

2024-01-26

We are nominated again for @PortSwigger's "Top 10 Web Hacking Techniques" and we're even in with two entries for 2023:

➡️ Java Exploitation Restrictions in Modern JDK Times
➡️ JMX Exploitation Revisited

✍️ Vote now: portswigger.net/polls/top-10-w

2023-12-22

We're pleased to announce that we donated a total of $29,500 from vulnerability disclosure rewards to charities this year. Thanks to all colleagues who made this possible and hacky christmas everybody!

2023-10-13

Qubes-yubioath is another #QubesOS related helper to get those precious OTPs from your yubikey into your AppVM securely but dead easy. Brought to you by our very own @qtc

github.com/codewhitesec/qubes-

2023-09-29

Our second blog post about ASP .NET TemplateParser exploitation is live: @mwulftange unveils how a novel bypass technique can be applied to get RCE in SharePoint Online & On-Premise (CVE-2023-33160)

code-white.com/blog/exploiting
