frycos (@frycos)'s Twitter Profile
frycos

@frycos

Private account! Red teamer @codewhitesec. @[email protected] @frycos.bsky.social

ID: 991384637841735681

https://github.com/Frycos

01-05-2018 18:31:31

3,3K Tweet

3,3K Followers

514 Following

CVE (@cvenew)

CVE-2025-34489 GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafte… cve.org/CVERecord?id=C…

CVE (@cvenew)

CVE-2025-34490 GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to r… cve.org/CVERecord?id=C…

CVE (@cvenew)

CVE-2025-34491 GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending craf… cve.org/CVERecord?id=C…

Michael Weiss (@michaeldweiss)

"The Federal Office for the Protection of the Constitution finalized the designation after compiling a report exceeding 1,100 pages, which outlined extensive evidence of extremist activity within the party." I am sure our Secretary of State and acting National Security Adviser

Aliz (they/them pls) (@alizthehax0r)

Oh shit I missed the registration deadline for Off-By-One Conference! Do I know anyone that can still get me a ticket?! I don't mind paying some penalty fee for being so lazy/late..!!

CODE WHITE GmbH (@codewhitesec)

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…

vx-underground (@vxunderground)

It's a shame too. Blue Team is infinitely more interesting. I have deep respect and admiration for people who do DFIR, SOC, and DEVSECOPS, etc. I've learned more from defensive approaches than I have offensive. Blue Team just isn't as "flashy".

frycos (@frycos)

B03701066A0F762E75BAA67816EDB223F8681C9444C34E0B768DE518268025A0 Am I on vacation in the mountains? Yes. Do they have network equipment there? Yes. Can I refrain from doing VR? No. You know the drill: disclosure and blog post planned. 😄

frycos (@frycos)

Oh no, it's a variant of CVE-2024-29974...I accidentally found that a similar vuln affected Zyxel NWA50AX (Pro) and tested against devices (obviously) lacking the latest patches. This CVE was never publicly related to NWA50AX, though. Well, nice nday exercise then.

Piotr Bazydło (@chudypb)

And domain-level RCE in Veeam B&R fixed today (CVE-2025-23121). My first (and hopefully not last) CVE, where I'm credited together with CODE WHITE GmbH 😎

frycos (@frycos)

A quick-and-dirty late night blog post on discovering an nday variant in Zyxel NWA50AX Pro devices frycos.github.io/vulns4free/202…

Security Response (@msftsecresponse)

File system redirection has long been a tool for attackers seeking privilege escalation. RedirectionGuard, a new Windows mitigation, is designed to block malicious junction-based redirection by default, strengthening system security. Key Features of RedirectionGuard: •Blocks

SinSinology (@sinsinology)

Guess what? So far 7 people have signed up✊for this 1 day .NET Exploitation workshop where we learn about .NET deserialization basics and write some exploits, if you know any students let them know

CODE WHITE GmbH (@codewhitesec)

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by Khoa Dinh to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to Markus Wulftange

frycos (@frycos)

Wow, I wrote with an author of a cool VR blog post yesterday. Just asked for some more explanations and maybe references. Tl;dr: he couldn’t explain or elaborate because exactly this part of the blog was written by GPT…

CODE WHITE GmbH (@codewhitesec)

We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/N…