Neodyme
@Neodyme
Followers
5K
Following
352
Statuses
315
We secure software with deep-dive audits, cutting-edge research, and in-depth trainings. Secure your solana program with Riverguard @ https://t.co/VmxVHzx2U2 ๐๏ธ๐
Germany
Joined August 2021
Introducing Riverguard ๐๏ธ๐ A new security tool for Solana program deployers... ๐งต
13
71
90
๐Part 2 of our COM hijacking series is live! This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM ๐๐ป
1
15
46
We made it to the news... ๐ฐ
Windows LPE (@MrAle_98), CLR OPSEC (@passthehashbrwn), WinRM BOFs (@falconforceteam), Bitlocker bypass (@Neodyme), and more!
2
0
5
From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet:
0
1
9
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! ๐ Check out our first blog post on our journey to ๐ฅ exploit five reputable security products to gain privileges via COM hijacking:
1
22
74
Want to support independent research like this? Consider delegating to our validator. Your support helps us keep delivering top-quality insights without compromise:
0
0
11
๐ฅWhen security software itself becomes a target! ๐ฅ Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector. ๐ Read more about the findings:
0
7
12
While some of our colleagues were at the #itsaexpo in Nuremberg, our team who traveled to Cork successfully completed the #SOHOSmashup category at #Pwn2Own! We've responsibly disclosed the vulnerabilities we found. Big thanks to @thezdi for organizing this amazing event!
Our final SOHO Smashup of Day 2 ends with a partial collision. Neodyme (@Neodyme) used 4 bugs, including a stack-based buffer overflow, in their successful demonstration, but 1 bug had previously been used in the contest. They earn $21,875 and 8.75 Master of Pwn points. #Pwn2Own
1
0
9
gg, this should fit nicely into our new office ๐จ๏ธ We'll be looking to complete the set tomorrow by attacking Lexmark CX331adwe at 3pm in the printers category and QNAP QHora-322 and Canon imageCLASS MF656Cdw at 5pm in the SOHO category. See you there!
Confirmed! Team Neodyme (@Neodyme) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. The earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
3
5
25
We audited @UNCX_token's liquidity lockers toward the end of Q2 2024 -- and we're happy to celebrate their launch! We can confirm that their audit completed without a single finding above low severity -- an uncommon feat. Their dedication to securing their programs is unmatched ๐ซก
Our Liquidity Lockers are now live on @solana, offering enhanced security and verifiable open-source integration for projects. Lock liquidity on @RaydiumProtocol to protect token value, minimize volatility, and increase investor confidence. All accounts are decentralized, immutable, and secure. Secure your SOL project now! ๐
0
3
13