CODE WHITE - FINEST HACKING
Intelligence Driven Security
Initial Assessment
Security Intelligence Service
About us
PUBLIC VULNERABILITY LIST
Unauthenticated Remote Code Execution via Deserialization of Untrusted Data in mediDOK
Multiple Vulnerabilities in GFI MailEssentials
Unauthenticated ServerSide TemplateInjection in Metazo
...
CAREERS
Challenge
Senior Red Teamer
Senior Penetration Tester
Vulnerability Intelligence Analyst
BLOG
Analyzing the Attack Surface of Ivanti's DSM
Teaching the Old .NET Remoting New Exploitation Tricks
Leaking ObjRefs to Exploit HTTP .NET Remoting
...
>
CODE WHITE | Red Teaming & Attack Surface Management
>
Tags
>
Vulnerability Details
Analyzing the Attack Surface of Ivanti's DSM
Leaking ObjRefs to Exploit HTTP .NET Remoting
From Blackbox .NET Remoting to Unauthenticated Remote Code Execution
Java Exploitation Restrictions in Modern JDK Times
Bypassing .NET Serialization Binders
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Sophos XG - A Tale of the Unfortunate Re-engineering of an N-Day and the Lucky Find of a 0-Day
Liferay Portal JSON Web Service RCE Vulnerabilities
CVE-2019-19470: Rumble in the Pipe
Telerik Revisited
Poor RichFaces
AMF – Another Malicious Format
Compromised by Endpoint Protection: Legacy Edition
Java and Command Line Injections in Windows
CVE-2015-3269: Apache Flex BlazeDS XXE Vulnerabilty
Compromised by Endpoint Protection
CVE-2015-2079: Arbitrary Command Execution in Usermin
CVE-2015-0935: PHP Object Injection in Bomgar Remote Support Portal
Exploiting the hidden Saxon XSLT Parser in Ektron CMS
How I could (i)pass your client security
