m1tz's Avatar

m1tz

@m1tzzz

Web Security Expert | Bug Hunter | Käferjäger

736
Followers 135
Following 5
Posts 14.11.2024
Joined
Posts Following

Latest posts by m1tz @m1tzzz

Preview
CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...

You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...

23.01.2026 12:28 👍 7 🔁 9 💬 0 📌 1
Post image

Just sayin‘ 🤷

15.11.2025 08:57 👍 4 🔁 2 💬 0 📌 0
Preview
CODE WHITE | A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of Oct...

Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange.bsky.social who loves converting n-days to 0-days code-white.com/blog/wsus-cv...

29.10.2025 13:05 👍 8 🔁 6 💬 0 📌 1
A Hands-On Edition: Will Supabase Be the Next Firebase (At Least in Terms of Security)? It all started with my good colleague @schniggie who’s got my attention with an X post earlier that year. Until then I rarely heared of Supabase, but let us start from the scratch. Firebase changed th...

Did you encounter the Supabase? Might wanna try my newest tooling or have a read about quickwins? There you go:
blog.m1tz.com/posts/2025/1...

07.10.2025 20:01 👍 2 🔁 1 💬 0 📌 0

Tired of dull, standard interviews? Talk to Kurt. Also, a few of my colleagues and I will be attending BruCON next week. Feel free to come and talk to us.

15.09.2025 07:44 👍 6 🔁 1 💬 0 📌 0
Hacking Firebase Projects: Enumeration and Common Misconfigurations After encountering multiple Firebase-related security issues through professional assessments at work and bug bounty hunting, I felt it was important to bring more visibility to the security implicati...

Nice one! But see also blog.m1tz.com/posts/2025/0...
I covered some more misconfigurations targeting Firebase.

13.08.2025 06:50 👍 2 🔁 0 💬 0 📌 0
Preview
GitHub - codewhitesec/NewRemotingTricks: New exploitation tricks for hardened .NET Remoting servers New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks

We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec...

05.08.2025 15:11 👍 4 🔁 4 💬 0 📌 1
Hacking Firebase Projects: Enumeration and Common Misconfigurations After encountering multiple Firebase-related security issues through professional assessments at work and bug bounty hunting, I felt it was important to bring more visibility to the security implicati...

Stumbled upon your next Firebase target? You might want to take a closer look at this.

blog.m1tz.com/posts/2025/0...

18.07.2025 21:30 👍 2 🔁 0 💬 0 📌 0
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...

13.05.2025 06:45 👍 8 🔁 8 💬 0 📌 1
GFI MailEssentials - Yet Another .NET Target What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.

My blog post on some vulns in GFI MailEssentials

frycos.github.io/vulns4free/2...

28.04.2025 17:34 👍 7 🔁 7 💬 0 📌 0

I do have quite a backlog of blog posts, so let's start with this one 😎

10.04.2025 14:54 👍 10 🔁 2 💬 0 📌 0

Our crew members @mwulftange.bsky.social & @frycos.bsky.social discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam 's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after @sinsinology.bsky.social & @chudypb.bsky.social 's blog. Replace BinaryFormatter!

28.03.2025 16:35 👍 9 🔁 6 💬 0 📌 2

Sexy

05.01.2025 13:31 👍 1 🔁 0 💬 0 📌 0
Post image

Most of you know about Telerik or DevExpress but ever heard of Syncfusion as another big global player? I found some interesting vulnerabilities in it, fixed in version v27.1.55. Unfortunately, Syncfusion still tries to understand CVE assignments 😅

02.12.2024 08:46 👍 9 🔁 4 💬 0 📌 1
Post image

Another live hacking event with the #kaeferjaeger . This time with #Intigriti in Heidelberg and the awesome target #Allegro . Had a great time and found a couple of bugs. #lhe #bughunting #bugbounty

24.11.2024 10:25 👍 10 🔁 0 💬 0 📌 1