Did you encounter the Supabase? Might wanna try my newest tooling or have a read about quickwins? There you go:
blog.m1tz.com/posts/2025/1...

Tired of dull, standard interviews? Talk to Kurt. Also, a few of my colleagues and I will be attending BruCON next week. Feel free to come and talk to us.

Nice one! But see also blog.m1tz.com/posts/2025/0...
I covered some more misconfigurations targeting Firebase.

We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec...

Stumbled upon your next Firebase target? You might want to take a closer look at this.

blog.m1tz.com/posts/2025/0...

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...

My blog post on some vulns in GFI MailEssentials

frycos.github.io/vulns4free/2...

I do have quite a backlog of blog posts, so let's start with this one 😎

Our crew members @mwulftange.bsky.social & @frycos.bsky.social discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam 's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after @sinsinology.bsky.social & @chudypb.bsky.social 's blog. Replace BinaryFormatter!

Sexy

Most of you know about Telerik or DevExpress but ever heard of Syncfusion as another big global player? I found some interesting vulnerabilities in it, fixed in version v27.1.55. Unfortunately, Syncfusion still tries to understand CVE assignments 😅

Another live hacking event with the #kaeferjaeger . This time with #Intigriti in Heidelberg and the awesome target #Allegro . Had a great time and found a couple of bugs. #lhe #bughunting #bugbounty