You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...
NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...
code-white.com
codewhitesec.bsky.social
Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at apply-if-you-can.com/walkthrough/... and revisit the hacks that escalated from cold brew to full breach.
Highly recommend the writeup from our @fl0mb.bsky.social and congrats on this well-deserved achievement!
Applicants Challenge! Face real-world vulns, earn trophies, First Bloods & epic swag!
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
To clarify: we did not discover these bugs - all credit goes to @_l0gg (on X). We diffed the patches, quickly built a working exploit internally (and identified another auth bypass afterwards)
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange.bsky.social
Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange.bsky.social who loves converting n-days to 0-days code-white.com/blog/wsus-cv...
