CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides describing two 0-day vulnerabilities that we found in the client component of the software, we also walk you through an exploit odyssey to finally gain unauthenticated Remote Code Execution.

CODE WHITE - Applicants Challenge

Applicants Challenge! Face real-world vulns, earn trophies, First Bloods & epic swag!

CODE WHITE | A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS

How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of October 2025.

FAUST CTF 2025 | FAUST CTF 2025

FAUST CTF 2025 is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg

GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers

New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks

CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM

Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized distribution of software packages. In our blog post *Analyzing the Attack Surface of Ivanti's DSM* we take a look at the software from an attacker's perspective. We discuss common misconfigurations, uncover the technical details of two vulnerabilities we identified and provide recommendations to harden existing DSM environments.

Walkthrough 2023

CODE WHITE | Public Vulnerability List

Public list of vulnerabilities, found by CODE WHITE