localo Profile
localo

@_localo_

Followers
386
Following
125
Media
13
Statuses
81

I play ctf @allesctf

Joined March 2019
@_localo_
localo
3 months
RT @Neodyme: From iframes and file reads to full RCE. 🔥 We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into re…
neodyme.io
In a recent engagement, we found an HTML to PDF converter API endpoint that allowed us to list local directories and files on a remote server. One of the PDF files we created, revealed that the...
0
29
0
@_localo_
localo
5 months
RT @_manfp: If you're a security researcher and in Germany, consider signing . Decriminalizing research might not b….
0
12
0
@_localo_
localo
5 months
Here is a nix reversing challenge I created for this year's @C_S_C_G, have fun :)
@C_S_C_G
CSCG
5 months
The Cyber Security Challenge Germany 2025 has started! 🎉 The competition runs from March 1 - 18:00 CET to May 1 - 18:00 CEST. We're excited to announce that we are inviting the top 6 DACH players in the EARTH category to the @DHM_ctf! Participate now at:
0
0
4
@_localo_
localo
6 months
Last year @stacksmashing presented the pico-sniffer, this year Thomas ( demonstrates a software-only attack that would make breaking Bitlocker even easier!
infosec.exchange
0 Posts, 0 Following, 1 Follower · Security Researcher @neodyme.io
@Neodyme
Neodyme
6 months
From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet:
0
3
12
@_localo_
localo
7 months
RT @Neodyme: ND people are @ #38c3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YE….
0
4
0
@_localo_
localo
8 months
RT @Neodyme: 💥 When security software itself becomes a target! 💥 Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powe…
neodyme.io
Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the...
0
7
0
@_localo_
localo
9 months
Amazing work from @D_K_Dev he dumped all the devices we needed for #Pwn2Own this year and got us initial access to all of them! If you struggled on the AeoTec Smart Home Hub, make sure to check this out! 👀.
@D_K_Dev
D_K
9 months
After a great #Pwn2Own with @Neodyme, I would like to share some insights I gained when working with the AeoTec Smart Home Hub. We did not manage to find any bugs in time but dumping the firmware was a great lesson. So, let’s tell you the story of how I approached this target.
0
0
11
@_localo_
localo
9 months
Huge shout-out to @_Staubfinger and @0x4d5aC for pulling off this beauty! 🥳 🎉 The router chain is especially nice, watch out for some nice Blogpost once the bugs are fixed over at 👀.
neodyme.io
Make security your strength. We help secure software with deep-dive audits, cutting-edge research, and trainings that propel your team to the next level.
@thezdi
Trend Zero Day Initiative
9 months
Our final SOHO Smashup of Day 2 ends with a partial collision. Neodyme (@Neodyme) used 4 bugs, including a stack-based buffer overflow, in their successful demonstration, but 1 bug had previously been used in the contest. They earn $21,875 and 8.75 Master of Pwn points. #Pwn2Own
0
3
28
@_localo_
localo
9 months
This has been my first time writing an exploit for a printer, it was quite a fun challenge! Huge thanks to @thezdi for hosting the competition and @HP for the challenge.
@thezdi
Trend Zero Day Initiative
9 months
Confirmed! Team Neodyme (@Neodyme) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. They earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
1
0
55
@_localo_
localo
1 year
RT @_mixy1: Just had a really bad day today :(. Even though I finished 1st in the national cybersec qualifiers which supposedly auto qualif….
0
7
0
@_localo_
localo
1 year
Btw, are there any alternatives to TraceGraph? It's a bit slow for large traces.
0
0
0
@_localo_
localo
1 year
Here's a Python snippet I wrote this weekend to help with a DRM analysis that generates TraceGraph databases with Qiling. This can be useful in general to think about obfuscated code at a higher level, maybe it's useful for someone else too.
1
0
3
@_localo_
localo
1 year
RT @C_S_C_G: Only four days left until the start of the #CSCG2024 on the 1st of March. In this year the competition will last for two month….
0
15
0
@_localo_
localo
2 years
RT @fluxfingers: The game is on! You have 48h to prove your luck 👉
0
9
0
@_localo_
localo
2 years
RT @C_S_C_G: 🇩🇪 | Today, the @BSI_Bund hosted Germany's #ECSC team. These talented youngsters proved their skills during CSCG and will re….
0
4
0
@_localo_
localo
2 years
RT @allesctf: What is ALLES!? Some of our members will be interviewed by the @c3voc in a few minutes, it will be streamed live at https://t….
0
3
0
@_localo_
localo
2 years
Looks like I am officially a game dev now 😎 @0x4d5aC @D_K_Dev and I've been working on this for way too long, hope it pays off. Also thanks to all beta testers from @C_S_C_G. Apart from that I also wrote a web challenge, check it out, it's just a few lines of code.
@allesctf
ALLES
2 years
The #CCCamp CTF is starting up this Wednesday at 12 PM CEST, we planned some great challenges and even game hacking! Whether you're a CTF beginner or an expert we have challenges for you. You can find more info here #ctf #hackersummercamp
0
1
8
@_localo_
localo
2 years
Playing CTF with @0rganizers and @Sauercl0ud in Las Vegas, our food team is amazing, they even managed to get Club Mate!
0
0
20