[ZDI-23-755|CVE-2023-32175] (0Day) VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability (CVSS 7.8; Credit: dhn) zerodayinitiative.com/advisories/ZDI…

That picture also described my journey back in 2019 :D. Congratz @gerr_re

A detailed two part video showing how we found a DNS parsing vulnerability and wrote a remote root exploit for it🤌 Part 1: Finding the vulnerability via "fuzzing" and reverse engineering with Ghidra 👾 youtube.com/watch?v=xWoQ-E… Part 2: Understanding vulnerability constraints and

The return of Kurts Maultaschenfabrikle: have fun with our all new applicants challenge at apply-if-you-can.com #CTF

Thank you CODE WHITE GmbH for the interesting challenges and the great swag pack 😎 #Maultaschenfabrikle

Participated in CODE WHITE GmbH's challenge "Kurts Maultaschenfabrikle" for the first time, thanks for this amazing CTF and the swag box! And yes, the logo on the bottle light's up :p #maultaschenfabrikle #ctf

Sometimes, the Certsrv endpoint of a CA is configured to run on TCP port 443. Worth checking for ESC8 even though the most common reason for binding the endpoint to 443 is EPA. Certipy's check was only on TCP port 80; the PR will include both ports. github.com/ly4k/Certipy/p…

Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams and disclosed numerous 0days to vendors. Proudly grown from a few motivated hackers in 2014 to an established team of 50+ today 💪

We've received insider information from a reliable source that Kurts Maultaschenfabrikle will be expanding and securing their IT in the coming weeks. So either act fast and get ahead on apply-if-you-can.com or wait for the new challenges. Or better yet, do both 🤓

First part which covers the bug and finishes off with code allowing us for a controlled overflow in the Paged Pool is up: 3sjay.github.io/2024/09/08/Win…

Finally, the second part of the blog post where we go from Windows Paged Pool Overflow to SYSTEM shell starting from Low Integrity 3sjay.github.io/2024/09/20/Win… have a great weekend everyone ;)

BeanBeat has been aquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking

The time has come to move to the next platform 😅 -- 0xdhn.bsky.social

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…

My blog post on some vulns in GFI MailEssentials frycos.github.io/vulns4free/202…

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…

Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan

CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan

Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own Markus Wulftange who loves converting n-days to 0-days code-white.com/blog/wsus-cve-…

Just sayin‘ 🤷