CODE WHITE - FINEST HACKING
Intelligence Driven Security
Initial Assessment
Security Intelligence Service
About us
PUBLIC VULNERABILITY LIST
Multiple Vulnerabilities in NetSupport Manager
Reporting Web Service ReportingEvent SoapFormatter Deserialization in Windows Server Update Services (WSUS)
Mount Service Deserialization via NET Remoting Client in Backup & Replication
...
CAREERS
Challenge
Senior Red Teamer
Senior Penetration Tester
Vulnerability Intelligence Analyst
BLOG
A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS
Analyzing the Attack Surface of Ivanti's DSM
Teaching the Old .NET Remoting New Exploitation Tricks
...
>
CODE WHITE | Red Teaming & Attack Surface Management
>
Authors
>
Markus Wulftange
A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS
Teaching the Old .NET Remoting New Exploitation Tricks
Leaking ObjRefs to Exploit HTTP .NET Remoting
Exploiting ASP.NET TemplateParser — Part II: SharePoint (CVE-2023-33160)
Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)
JMX Exploitation Revisited
Bypassing .NET Serialization Binders
.NET Remoting Revisited
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Liferay Portal JSON Web Service RCE Vulnerabilities
Exploiting H2 Database with native libraries and JNI
Telerik Revisited
Poor RichFaces
AMF – Another Malicious Format
Compromised by Endpoint Protection: Legacy Edition
Java and Command Line Injections in Windows
Compromised by Endpoint Protection
Reading/Writing files with MSSQL's OPENROWSET
CVE-2015-0935: PHP Object Injection in Bomgar Remote Support Portal
$@|sh – Or: Getting a shell environment from Runtime.exec
