Neodyme Profile Banner
Neodyme Profile
Neodyme

@Neodyme

Followers
5K
Following
369
Media
78
Statuses
338

We secure software with deep-dive audits, cutting-edge research, and in-depth trainings. Secure your solana program with Riverguard @ https://t.co/VmxVHzx2U2 🏞️💂

Germany
Joined August 2021
Don't wanna be here? Send us removal request.
@Neodyme
Neodyme
2 years
Introducing Riverguard 🏞️💂. A new security tool for Solana program deployers. 🧵.
Tweet media one
13
71
95
@Neodyme
Neodyme
7 hours
We reported a vulnerability in Parallels Client via @thezdi last year. 🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE. ➡️ Advisory here: .☂️ Patch your systems!.
neodyme.io
The AppServer service installed with Parallel Client searches for an OpenSSL config file in an unsecured location, which allowed low privileged users to escalate their privileges.
0
5
12
@Neodyme
Neodyme
15 days
🔧✨ On our company retreat this week, we're diving into hardware and protocol hacking: fingerprint sensors, smart locks, drones and Bluetooth speakers. A great mix of hands-on research, creative exploration, and team bonding over board games!🎲
Tweet media one
0
1
8
@Neodyme
Neodyme
16 days
We now have all the puzzle pieces to understand how the exploit worked. In GMX's contract structure, the normal flow of a position increase is as follows:.The Position Manager is called by the keeper and triggers the position increase in the orderbook and vault. It then updates.
0
0
1
@Neodyme
Neodyme
16 days
3. Complicated cache design:. Another component in GMX, the GlpManager, is responsible for minting or burning pool shares in the form of GLP tokens. To accurately price these tokens, it has to track profits from shorts which the protocol has generated but not yet realized. This.
1
0
1
@Neodyme
Neodyme
16 days
2. Loose access restriction:. The vault's increasePosition instruction, which allows an increase in short positions, is only allowed when "leverage is enabled". This is a global flag that the Position Manager sets to true before calling the vault, and back to false after.
1
0
1
@Neodyme
Neodyme
16 days
Let's start with 1, the control flow hijack:. Users can register the intent to decrease their position with GMX. The actual execution of this is done by a "keeper", an off-chain bot that is the only one that can directly modify positions. In this case, the attacker caused the.
1
0
3
@Neodyme
Neodyme
16 days
The vulnerability is a combination of three things:.1. During payout of collateral when decreasing a position, control flow can be hijacked. 2. Loose access restriction on a keeper-only instruction, allowing the attacker to call into an internal instruction. 3. Complicated cache.
1
0
3
@Neodyme
Neodyme
22 days
🎤At 4pm today at the "Festival der Zukunft", our colleagues dive into:."Black Hat, White Hat, Cyberwar - Modern Attacks and Defense". From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense. 🕵️‍♀️ Don't miss it!.
0
0
1
@Neodyme
Neodyme
23 days
Think your speech model is secure?.It might be quietly leaking what it was trained on. In a new blog post, we explain membership inference attacks and why they matter for cyber security experts. 🔗
Tweet card summary image
neodyme.io
This post explores a recent research paper on membership inference attacks targeting Automatic Speech Recognition (ASR) models. It breaks down how subtle signals like input perturbation and model...
0
3
8
@Neodyme
Neodyme
1 month
Meet our colleagues at the "Festival der Zukunft" at @DeutschesMuseum in Munich. Don't miss our talk on July 3 at 4pm! .Check it out here:
Tweet media one
Tweet media two
0
1
6
@Neodyme
Neodyme
1 month
Cybersecurity needs more than tech, it needs people who care. ❤️.That's why Neodyme is committed to supporting Nachwuchsförderung IT-Sicherheit e.V. not just financially, but with time, energy, and heart from our team.
@DHM_ctf
Deutsche Hacking Meisterschaft
1 month
Congratulations to the winners of the German Hacking Championship 2025:.1️⃣ Team KuK Hofhackerei.2️⃣ Team Organizers.3️⃣ Team Boomers :-).Incredible work by all teams: 33 hours of pure teamwork, and tech brilliance. 👏
Tweet media one
0
1
3
@Neodyme
Neodyme
1 month
We're thrilled that Nachwuchsförderung IT-Sicherheit is organizing the @DHM_ctf 2025! 🇩🇪🧠.It's a fantastic event for the next generation of cybersecurity minds, we can't wait to see what they bring to the challenge! 💙.
@DHM_ctf
Deutsche Hacking Meisterschaft
1 month
💥 It’s ON! The German Hacking Championship 2025 kicks off now. Top teams from across Germany and beyond are tackling tough challenges in this 33-hour CTF marathon. 🧠💻. Best of luck to all teams! 🛡️
Tweet media one
0
0
2
@Neodyme
Neodyme
2 months
🏆 Throwback to Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story:
Tweet card summary image
neodyme.io
Three years ago, Neodyme took aim the "SOHO Smashup" category at Pwn2Own Toronto 2022, targeting a Netgear RAX30 router and an HP M479fdw printer. We successfully gained remote code execution on both...
0
6
28
@Neodyme
Neodyme
2 months
Part 3 of our Riverguard series is out! .We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts. Still shocked how often some of these pop up. Check it out 👉
Tweet card summary image
neodyme.io
Riverguard, the first line of defense for all Solana contracts
0
6
8
@Neodyme
Neodyme
2 months
Once again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻.A great challenge with a wide range of categories. The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.
Tweet media one
1
3
7
@Neodyme
Neodyme
2 months
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️.Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution. Read the full vulnerability deep dive here 👉
Tweet card summary image
neodyme.io
This blogpost starts a series about various exploits at Pwn2Own 2024 Ireland (Cork). This and the upcoming posts will detail our research methodology and journey in exploiting different devices. We...
2
15
67
@Neodyme
Neodyme
2 months
Day 2 at @offensive_con has just started and our colleagues Kolja Grassmann and Alain Rödel are right in the middle of it! 🔥.Can't wait to hear the insights they bring back from some of the sharpest minds in offensive security. If you're there too, make sure to say hi!
Tweet media one
0
4
22
@Neodyme
Neodyme
3 months
From iframes and file reads to full RCE. 🔥. We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit. 👉 Read the full write-up here:
neodyme.io
In a recent engagement, we found an HTML to PDF converter API endpoint that allowed us to list local directories and files on a remote server. One of the PDF files we created, revealed that the...
1
29
74
@Neodyme
Neodyme
3 months
Sign up here:
0
0
0
@Neodyme
Neodyme
3 months
Interested in learning about Windows exploitation?. This August, join us in Las Vegas for an intensive, hands-on 4-day DEFCON training:.Binary Exploitation on Windows, led by Felipe and Kolja!. 🗓️ When: August 9–12, 2025.📍 Where: Las Vegas Convention Center
Tweet media one
1
5
8