localo
@_localo_
Followers
387
Following
125
Media
13
Statuses
81
RT @Neodyme: At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️.Starting with a QNAP QHora-322 NAS, we pivote….
neodyme.io
This blogpost starts a series about various exploits at Pwn2Own 2024 Ireland (Cork). This and the upcoming posts will detail our research methodology and journey in exploiting different devices. We...
0
15
0
RT @Neodyme: From iframes and file reads to full RCE. 🔥. We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into re….
neodyme.io
In a recent engagement, we found an HTML to PDF converter API endpoint that allowed us to list local directories and files on a remote server. One of the PDF files we created, revealed that the...
0
29
0
Here is a nix reversing challenge I created for this year's @C_S_C_G have fun :).
The Cyber Security Challenge Germany 2025 has started! 🎉.The competition runs from March 1 - 18:00 CET to May 1 - 18:00 CEST. We're excited to announce that we are inviting the top 6 DACH players in the EARTH category to the @DHM_ctf!.Participate now at:
0
0
5
RT @disconnect3d_pl: Pwndbg 2025.01 is out! It adds official LLDB support including support for macOS and Mach-O binaries, improved perform….
github.com
This release features LLDB support, improved performance, bug fixes and enhanced embedded systems experience. Pwndbg can now run on macOS (both Intel & Apple Silicon) and allows for debugging M...
0
48
0
Last year @stacksmashing presented the pico-sniffer, this year Thomas ( demonstrates a software-only attack that would make breaking Bitlocker even easier!.
infosec.exchange
0 Posts, 0 Following, 1 Follower · Security Researcher @neodyme.io
From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet:.
0
3
12
RT @Neodyme: 💥When security software itself becomes a target! 💥.Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powe….
neodyme.io
Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the...
0
7
0
Huge shout-out to @_Staubfinger and @0x4d5aC for pulling off this beauty! 🥳 🎉 The router chain is especially nice, watch out for some nice Blogpost once the bugs are fixed over at 👀.
neodyme.io
Make security your strength. We help secure software with deep-dive audits, cutting-edge research, and trainings that propel your team to the next level.
Our final SOHO Smashup of Day 2 ends with a partial collision. Neodyme (@Neodyme) used 4 bugs, including a stack-based buffer overflow, in their successful demonstration, but 1 bug had previously been used in the contest. They earn $21,875 and 8.75 Master of Pwn points. #Pwn2Own
0
3
28
This has been my first time writing an exploit for a printer, it was quite a fun challenge! Huge thanks to @thezdi for hosting the competition and @HP for the challenge.
Confirmed! Team Neodyme (@Neodyme) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. The earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
1
0
55
Btw are there any alternatives to TraceGraph, it's a bit slow for large traces.
0
0
0
Here's a Python snippet I wrote this weekend to help with a drm analysis that generates TraceGraph databases with Qiling. This can be useful in general to think about obfuscated code at a higher level, maybe it's useful for someone else too.
1
0
3
RT @allesctf: What is ALLES!? Some of our members will be interviewed by the @c3voc in a few minutes, it will be streamed live at https://t….
0
3
0
Looks like I am officially a game dev now 😎 @0x4d5aC @D_K_Dev and I've been working on this for way too long, hope it pays off. Also thanks to all beta testers from @C_S_C_G.Apart from that I also wrote a web challenge, check it out, it's just a few lines of code.
The #CCCamp CTF is starting up this Wednesday at 12 PM CEST, we planned some great challenges and even game hacking! Whether you're a CTF beginner or an expert we have challenges for you. You can find more info here #ctf #hackersummercamp
0
1
8
Playing CTF with @0rganizers and @Sauercl0ud in Las Vegas, our food team is amazing, they even managed to get Club Mate!
0
0
20