Fortunately, humans still learn to walk first, even though the car has been invented.
2 months ago
1
0
0
0
Posts by Frycos
Highly recommend the writeup from our @fl0mb.bsky.social and congrats on this well-deserved achievement!
2 months ago
4
3
0
0
[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive
code-white.com ->
CVE-2025-34164, CVE-2025-34165
Original->
2 months ago
2
2
0
0
Crazy work by my colleague Fabian. High impact target: one might be amazed at how widespread this product is in industrial networks.
2 months ago
3
2
0
0
Medical 🫣
4 months ago
0
0
0
0
In 2025 my colleague and me pwned several widespread medial devices. Check our vuln list for some impressions and get ready for cool blog posts and hopefully conference talks in 2026. 🤞🏻
code-white.com/public-vulne...
4 months ago
2
1
1
0
Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at apply-if-you-can.com/walkthrough/... and revisit the hacks that escalated from cold brew to full breach.
4 months ago
6
6
0
0
Advertisement
Just sayin‘ 🤷
5 months ago
4
2
0
0
A somewhat wild internal story from the last few weeks
5 months ago
0
0
0
0
Did you encounter the Supabase? Might wanna try my newest tooling or have a read about quickwins? There you go:
blog.m1tz.com/posts/2025/1...
6 months ago
2
1
0
0
On your way to @brucon! Are you interested in technical discussions or would you like to know what makes our company so unique? Just talk to us.
6 months ago
3
1
0
0
Tired of dull, standard interviews? Talk to Kurt. Also, a few of my colleagues and I will be attending BruCON next week. Feel free to come and talk to us.
7 months ago
6
1
0
0
New AI-generated "technical" blog posts are stealing my time. 🤬
7 months ago
2
0
0
0
Yes, there’s another phishing campaign contacting fediverse users to fill out a form to avoid being suspended or whatever. Stay calm and just report them and be sure to check the option to inform their home instance so the account gets suspended for everyone.
Also, please consider enabling […]
7 months ago
8
45
3
0
Advertisement
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
7 months ago
7
6
0
0
Today I have a more serious topic than usual, please consider reposting for reach:
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
8 months ago
4
23
1
0
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec...
8 months ago
4
4
0
1
Wow, I wrote with an author of a cool VR blog post yesterday. Just asked for some more explanations and maybe references. Tl;dr: he couldn’t explain or elaborate because exactly this part of the blog was written by GPT…
8 months ago
2
0
0
0
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange.bsky.social
9 months ago
4
5
1
1
A quick-and-dirty late night blog post on discovering an nday variant in Zyxel NWA50AX Pro devices
frycos.github.io/vulns4free/2...
10 months ago
3
2
0
0
Oh no, it's a variant of CVE-2024-29974...I accidentally found that a similar vuln affected Zyxel NWA50AX (Pro) and tested against devices (obviously) lacking the latest patches. This CVE was never publicly related to NWA50AX, though. Well, nice nday exercise then.
10 months ago
4
0
0
0
B03701066A0F762E75BAA67816EDB223F8681C9444C34E0B768DE518268025A0
Am I on vacation in the mountains? Yes. Do they have network equipment there? Yes. Can I refrain from doing VR? No.
You know the drill: disclosure and blog post planned. 😄
10 months ago
5
0
0
1
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...
11 months ago
8
8
0
1
Advertisement
If you are in the US and upset at the AfD being subject to more surveillance now:
The bar to be declared "in conflict with the democratic order" is *very* high. It is literally the AfD definition of "Germanness" by your ancestry, declaring ppl of other ancestries inferior, that did it, justifiedly.
11 months ago
60
7
1
0
11 months ago
7
7
0
0
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.
He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords
Media's coverage wasn't detailed enough so I dug into his testimony:
1 year ago
13994
7345
328
1005
That sums up my week's vacation pretty well. And I have to say, I like it.
1 year ago
2
0
0
0
