| 2023-07-05 |
Blog moved to https://code-white.com/blog |
CODE WHITE |
|
| 2023-04-11 |
Java Exploitation Restrictions in Modern JDK Times |
Exploitation Technique ‧ Florian Hauser |
|
| 2023-03-20 |
JMX Exploitation Revisited |
Exploitation Technique ‧ Markus Wulftange |
|
| 2022-09-06 |
Attacks on Sysmon Revisited - SysmonEnte |
Unknown |
|
| 2022-06-28 |
Bypassing .NET Serialization Binders |
Exploitation Technique ‧ Markus Wulftange |
|
| 2022-01-27 |
.NET Remoting Revisited |
Exploitation Technique ‧ Markus Wulftange |
|
| 2021-09-21 |
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through |
Vulnerability Details ‧ Markus Wulftange |
|
| 2021-06-11 |
About the Unsuccessful Quest for a Deserialization Gadget (or: How I found CVE-2021-21481) |
Unknown |
|
| 2020-07-14 |
Sophos XG - A Tale of the Unfortunate Re-engineering of an N-Day and the Lucky Find of a 0-Day |
Vulnerability Details ‧ Unknown |
|
| 2020-03-20 |
Liferay Portal JSON Web Service RCE Vulnerabilities |
Vulnerability Details ‧ Markus Wulftange |
|
| 2020-01-17 |
CVE-2019-19470: Rumble in the Pipe |
Exploitation Technique ‧ Florian Hauser |
|
| 2019-08-01 |
Exploiting H2 Database with native libraries and JNI |
Exploitation Technique ‧ Markus Wulftange |
|
| 2019-07-19 |
Heap-based AMSI bypass for MS Excel VBA and others |
Evasion ‧ Unknown |
|
| 2019-05-08 |
Telerik Revisited |
Exploitation Technique ‧ Markus Wulftange |
|
| 2019-05-08 |
LethalHTA - A new lateral movement technique using DCOM and HTA |
Lateral Movement ‧ Unknown |
|
| 2019-05-08 |
Marshalling to SYSTEM - An analysis of CVE-2018-0824 |
Unknown |
|
| 2019-05-08 |
Poor RichFaces |
Gadget ‧ Markus Wulftange |
|
| 2019-05-08 |
Exploiting Adobe ColdFusion before CVE-2017-3066 |
Unknown |
|
| 2019-05-08 |
Handcrafted Gadgets |
Unknown |
|
| 2019-05-08 |
SAP Customers: Make sure your SAPJVM is up to date! |
Unknown |
|
| 2019-05-08 |
AMF – Another Malicious Format |
Exploitation Technique ‧ Markus Wulftange |
|
| 2019-05-08 |
Return of the Rhino: An old gadget revisited |
Exploitation Technique ‧ CODE WHITE |
|
| 2019-05-08 |
Infiltrate 2016 Slidedeck: Java Deserialization Vulnerabilities |
CODE WHITE |
|
| 2019-05-08 |
Compromised by Endpoint Protection: Legacy Edition |
Vulnerability Details ‧ Markus Wulftange |
|
| 2019-05-08 |
Java and Command Line Injections in Windows |
Vulnerability Details ‧ Markus Wulftange |
|
| 2019-05-08 |
CVE-2015-3269: Apache Flex BlazeDS XXE Vulnerabilty |
Vulnerability Details ‧ CODE WHITE |
|
| 2019-05-08 |
Compromised by Endpoint Protection |
Vulnerability Details ‧ Markus Wulftange |
|
| 2019-05-08 |
Reading/Writing files with MSSQL's OPENROWSET |
Exploitation Technique ‧ Markus Wulftange |
|
| 2019-05-08 |
CVE-2015-2079: Arbitrary Command Execution in Usermin |
Vulnerability Details ‧ David Elze |
|
| 2019-05-08 |
CVE-2015-0935: PHP Object Injection in Bomgar Remote Support Portal |
Vulnerability Details ‧ Markus Wulftange |
|
| 2019-05-08 |
$@|sh – Or: Getting a shell environment from Runtime.exec |
Exploitation Technique ‧ Markus Wulftange |
|
| 2019-05-08 |
Exploiting the hidden Saxon XSLT Parser in Ektron CMS |
Vulnerability Details ‧ Unknown |
|
| 2019-05-08 |
How I could (i)pass your client security |
Vulnerability Details ‧ CODE WHITE |
|
