Frycos
frycos.bsky.social
Private account! Red teamer @codewhitesec. @frycos@infosec.exchange @frycos@X
A somewhat wild internal story from the last few weeks
October 29, 2025 at 1:08 PM
Reposted by Frycos
Did you encounter Supabase? Might wanna try my newest tooling or have a read about quick wins? There you go:
blog.m1tz.com/posts/2025/1...
A Hands-On Edition: Will Supabase Be the Next Firebase (At Least in Terms of Security)?
It all started with my good colleague @schniggie who got my attention with an X post earlier that year. Until then I rarely heard of Supabase, but let us start from scratch. Firebase changed th...
October 7, 2025 at 8:01 PM
On your way to @brucon! Are you interested in technical discussions or would you like to know what makes our company so unique? Just talk to us.
September 24, 2025 at 4:42 AM
Tired of dull, standard interviews? Talk to Kurt. Also, a few of my colleagues and I will be attending BruCON next week. Feel free to come and talk to us.
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
September 15, 2025 at 7:44 AM
New AI-generated "technical" blog posts are stealing my time. 🤬
September 3, 2025 at 7:35 AM
Reposted by Frycos
Yes, there’s another phishing campaign contacting fediverse users to fill out a form to avoid being suspended or whatever. Stay calm and just report them and be sure to check the option to inform their home instance so the account gets suspended for everyone.

Also, please consider enabling […]
Original post on infosec.exchange
August 29, 2025 at 2:06 PM
Reposted by Frycos
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
FAUST CTF 2025
FAUST CTF 2025 is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg
August 28, 2025 at 12:22 PM
Reposted by Frycos
Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
August 19, 2025 at 8:34 AM
Reposted by Frycos
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec...
GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers
August 5, 2025 at 3:11 PM
Wow, I wrote with an author of a cool VR blog post yesterday. Just asked for some more explanations and maybe references. Tl;dr: he couldn’t explain or elaborate because exactly this part of the blog was written by GPT…
July 29, 2025 at 6:08 AM
Reposted by Frycos
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange.bsky.social
July 14, 2025 at 1:00 PM
A quick-and-dirty late night blog post on discovering an nday variant in Zyxel NWA50AX Pro devices

frycos.github.io/vulns4free/2...
Zyxel NWA50AX Pro - Discovery of an Nday Variant
Today was an eventful day thanks to many interesting blog posts, e.g. from my friends at watchTowr. So I thought, why not publish a small quick-and-dirty blog post myself about a story from last week?...
June 17, 2025 at 9:12 PM
Oh no, it's a variant of CVE-2024-29974...I accidentally found that a similar vuln affected Zyxel NWA50AX (Pro) and tested against devices (obviously) lacking the latest patches. This CVE was never publicly related to NWA50AX, though. Well, nice nday exercise then.
June 16, 2025 at 9:34 PM
B03701066A0F762E75BAA67816EDB223F8681C9444C34E0B768DE518268025A0

Am I on vacation in the mountains? Yes. Do they have network equipment there? Yes. Can I refrain from doing VR? No.

You know the drill: disclosure and blog post planned. 😄
June 14, 2025 at 5:53 AM
Reposted by Frycos
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM
Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...
May 13, 2025 at 6:45 AM
Reposted by Frycos
If you are in the US and upset at the AfD being subject to more surveillance now:

The bar to be declared "in conflict with the democratic order" is *very* high. It is literally the AfD definition of "Germanness" by your ancestry, declaring ppl of other ancestries inferior, that did it, justifiedly.
May 3, 2025 at 7:22 AM
My blog post on some vulns in GFI MailEssentials

frycos.github.io/vulns4free/2...
GFI MailEssentials - Yet Another .NET Target
What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.
April 28, 2025 at 5:34 PM
Reposted by Frycos
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords

Media's coverage wasn't detailed enough so I dug into his testimony:
April 18, 2025 at 12:10 AM
That sums up my week's vacation pretty well. And I have to say, I like it.
April 16, 2025 at 8:46 PM
Reposted by Frycos
We have just published our AttackerKB @rapid7.com Analysis of CVE-2025-22457, an unauthenticated stack based buffer overflow in Ivanti Connect Secure. Difficult to exploit due to severe character restrictions, we detail our full RCE technique here: attackerkb.com/topics/0ybGQ...
CVE-2025-22457 | AttackerKB
On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…
April 10, 2025 at 6:19 PM
This was a pretty cool online course by @voidstarsec I can recommend.
March 30, 2025 at 8:36 AM
Reposted by Frycos
Our crew members @mwulftange.bsky.social & @frycos.bsky.social discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after @sinsinology.bsky.social & @chudypb.bsky.social's blog. Replace BinaryFormatter!
March 28, 2025 at 4:35 PM
If you think code audits are driving you to the brink of insanity, try hardware hacking...
March 12, 2025 at 10:21 PM
Reposted by Frycos
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/...
Walkthrough 2023
February 21, 2025 at 10:31 AM