niph

@0xniph.bsky.social

Liking colors, 🩸being my favorite but also a bit into 🧒 with the occasional ☂️ | head of red team at @codewhitesec - @niph_ on X

36 Followers  |  105 Following  |  8 Posts  |  Joined: 01.11.2024  |  1.6691

Latest posts by 0xniph.bsky.social on Bluesky

CODE WHITE | A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of Oct...

Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange.bsky.social who loves converting n-days to 0-days code-white.com/blog/wsus-cv...

29.10.2025 13:05 — 👍 7    🔁 5    💬 0    📌 1
ULMageddon Logo

CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan

15.09.2025 07:40 — 👍 5    🔁 6    💬 0    📌 1

pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!

04.10.2025 10:40 — 👍 17    🔁 16    💬 1    📌 3

On your way to @brucon! Are you interested in technical discussions or would you like to know what makes our company so unique? Just talk to us.

24.09.2025 04:42 — 👍 3    🔁 1    💬 0    📌 0
GitHub - ZephrFish/pyLDAPGui: Python based GUI for browsing LDAP Python based GUI for browsing LDAP. Contribute to ZephrFish/pyLDAPGui development by creating an account on GitHub.

Made a thing, mucking about with python and a LDAP browser concept to ingest straight into BloodHound but also just a nice alternative to ADExplorer with fewer LDAP queries, simple LDAP browser using PyQt as a GUI and neo4j-driver to ingest into BH. github.com/ZephrFish/py... #bloodhound #redteam

13.09.2025 11:31 — 👍 8    🔁 1    💬 0    📌 0

Tech startup idea: instead of starting your car with your key, you get in, turn on the display panel, enter your password, get your phone out, open the authenticator app, enter your pin, enter the timed passcode, then open the start menu, then helpdesk, then "request engine start", then submit a tic

05.09.2025 12:30 — 👍 810    🔁 133    💬 50    📌 16
FAUST CTF 2025 | FAUST CTF 2025 FAUST CTF 2025 is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg

We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net

28.08.2025 12:22 — 👍 7    🔁 6    💬 0    📌 0
The table of contents for Phrack 72 from phrack.org

At long last - Phrack 72 has been released online for your reading pleasure!

Check it out: phrack.org

18.08.2025 21:33 — 👍 123    🔁 62    💬 0    📌 4
GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks

We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec...

05.08.2025 15:11 — 👍 4    🔁 4    💬 0    📌 1

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange.bsky.social

14.07.2025 13:00 — 👍 4    🔁 5    💬 1    📌 2

Tomorrow's a new month. Is your AWS bill ready?

30.06.2025 16:20 — 👍 35    🔁 3    💬 3    📌 0
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...

13.05.2025 06:45 — 👍 8    🔁 8    💬 0    📌 1
GFI MailEssentials - Yet Another .NET Target What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.

My blog post on some vulns in GFI MailEssentials

frycos.github.io/vulns4free/2...

28.04.2025 17:34 — 👍 7    🔁 7    💬 0    📌 0

Ash?

18.04.2025 14:30 — 👍 2    🔁 0    💬 0    📌 0

My oven is a pretty standard thing but it has this feature called "rapid preheat" where it will run both the broil and the bake elements together until it's within 50° of your target.

This feature is approximately 700X more useful and interesting than having it connected to the internet.

03.04.2025 19:47 — 👍 24171    🔁 1343    💬 214    📌 97
GitHub - decoder-it/KrbRelayEx-RPC Contribute to decoder-it/KrbRelayEx-RPC development by creating an account on GitHub.

KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
github.com/decoder-it/K...

14.03.2025 10:18 — 👍 9    🔁 10    💬 0    📌 0

This is huge!!! We can now see the impact a policy would have had historically without ingesting sign in logs to Azure Monitor 🤯

There's a new Preview on CA policies that provides insights on a per-policy basis, and the way they implemented this is so elegant and fast. I love it! :)

13.03.2025 16:02 — 👍 43    🔁 8    💬 3    📌 0
SensePost | Diving into ad cs: exploring some common error messages Leaders in Information Security

Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post: sensepost.com/blog/2025/di...

07.03.2025 13:15 — 👍 6    🔁 6    💬 0    📌 1
Walkthrough 2023

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/...

21.02.2025 10:31 — 👍 7    🔁 10    💬 0    📌 0

Today, I’m reminded that those who experience imposter syndrome likely shouldn’t, and those who don’t, probably should.

Ironically, the self-awareness that fuels imposter syndrome is often the very thing that ensures you’re not an imposter at all.

07.02.2025 19:23 — 👍 61    🔁 10    💬 3    📌 1

After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet.

These vulnerable servers can be abused as proxies to launch DDoS attacks and possibly to access internal networks.

14.01.2025 14:12 — 👍 57    🔁 25    💬 2    📌 0

Not sure if it’s 'cause I’m sitting in my bubble but seems a lot more research about COM is done these days

18.01.2025 10:39 — 👍 1    🔁 0    💬 0    📌 0

I wrote a PoC for the recent Ivanti Connect Secure stack buffer overflow, CVE-2025-0282, based on the exploitation strategy watchTowr published, along with an assessment of exploitability given the lack of a suitable info leak to break ASLR: attackerkb.com/assessments/...

16.01.2025 15:52 — 👍 11    🔁 8    💬 1    📌 0
ADFS — Living in the Legacy of DRS It’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it…

Achievement unlocked, my first blog with SpecterOps 🤗 This post looks at ADFS OAuth2 support, Device Registration, Enterprise PRT, and a brain dump of things that I didn’t want to leave sat on Notion. buff.ly/4j41VQU

07.01.2025 14:33 — 👍 36    🔁 18    💬 2    📌 1

(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?

Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php

Soft deadline is Feb 1st.

07.01.2025 07:41 — 👍 30    🔁 33    💬 0    📌 0

Ok, this is awesome… 😎 Doom as a captcha, in the browser (using wasm.)

doom-captcha.vercel.app

31.12.2024 21:55 — 👍 119    🔁 29    💬 7    📌 5

I was once criticized because I had my wifi password written (postit) on my router.

Me: Look, if there is someone looking at the underside of my router, in my locked basement storage room with access only internal to the house, the problem I need to address is not that they have access to my wifi.

28.12.2024 12:55 — 👍 158    🔁 15    💬 6    📌 3
GitHub - CCob/DRSAT: Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines - CCob/DRSAT

Sorry folks, I had to remove the Disconnected GPO project from GitHub... but never fear, it has returned as Disconnected RSAT since it now supports the Certificate Authority and Certificate Templates snap-ins in addition to Group Policy support.
github.com/CCob/DRSAT

27.12.2024 11:51 — 👍 21    🔁 10    💬 0    📌 0
GitHub - senzee1984/EDRPrison: Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry - senzee1984/EDRPrison
26.12.2024 06:21 — 👍 5    🔁 1    💬 0    📌 0
