CODE WHITE - FINEST HACKING
Intelligence Driven Security
Initial Assessment
Security Intelligence Service
About us
PUBLIC VULNERABILITY LIST
SequenceExternalizable Arbitrary Deserialization in WebLogic Server
EntityDataSource Insecure Type Resolution in Telerik Report Server
EntityDataSource Insecure Type Resolution in Telerik Reporting
...
CAREERS
Challenge
Pentester / Redteamer
Vulnerability Intelligence Analyst
BLOG
Teaching the Old .NET Remoting New Exploitation Tricks
Leaking ObjRefs to Exploit HTTP .NET Remoting
Exploiting ASP.NET TemplateParser — Part II: SharePoint (CVE-2023-33160)
...
>
CODE WHITE - Finest Hacking
>
Authors
>
Kai Ullrich
About the Unsuccessful Quest for a Deserialization Gadget (or: How I found CVE-2021-21481)
Handcrafted Gadgets
SAP Customers: Make sure your SAPJVM is up-to-date!