I play ctf @allesctf

Joined March 2019
localo retweeted
Jan 14
Drones are hot - their security is not. Here is how removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2! neodyme.io/de/blog/drone_hac…
localo retweeted
12 Nov 2025
Our research team achieved client RCE on Minecraft Bedrock Edition via a heap overflow to bypass ASLR and sidestep CFG. Writeup to come.
23 Oct 2025
Excited to present my research @hack_lu while not much new, I learned a ton. Never done AES fault injection before, always nice to have a real-world example to work on.
23 Oct 2025
Check out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation. ▶️ Read more: neodyme.io/en/blog/widevine_…
23 Oct 2025
This exploit chain is really nice, I'm already looking forward to a future blog post about it :)
Success! We had a little configuration confusion, but Team Neodyme (@Neodyme) hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFi, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own
localo retweeted
Confirmed! Team @Neodyme used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own
localo retweeted
🖨️ Print victory! Team @Neodyme just hacked the @CanonUSA imageCLASS MF654Cdw at #Pwn2Own. They head off to the disclosure room once more to provide the details of their exploit. #P2OIreland
localo retweeted
21 Oct 2025
While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer. ▶️ Read the findings and how we got there: neodyme.io/en/blog/pwn2own-2…
21 Oct 2025
This exploit was a lot of teamwork at Neodyme. @D_K_Dev dumped the flash, I built the tooling for reversing and wrote the exploit, @0x4d5aC spotted the bug, and Daniel, Florian, and Justin presented the whole thing on stage! I'm super happy that everything worked out in the end.
Our first confirmation of #Pwn2Own Ireland is in! @Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 and 2 Master of Pwn points. #P2OIreland
localo retweeted
22 May 2025
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️ Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution. Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2own-2…
localo retweeted
2 May 2025
From iframes and file reads to full RCE. 🔥 We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit. 👉 Read the full write-up here: neodyme.io/en/blog/html_rend…
localo retweeted
8 Mar 2025
If you're a security researcher and in Germany, consider signing cysec-reform.jetzt/ . Decriminalizing research might not be the top political priority right now, but it's still important!

1 Mar 2025
Here is a nix reversing challenge I created for this year's @C_S_C_G have fun :) play.cscg.live/tasks/crackme…

1 Mar 2025
The Cyber Security Challenge Germany 2025 has started! 🎉 The competition runs from March 1 - 18:00 CET to May 1 - 18:00 CEST. We're excited to announce that we are inviting the top 6 DACH players in the EARTH category to the @DHM_ctf! Participate now at: play.cscg.live/

localo retweeted
Pwndbg 2025.01 is out! It adds official LLDB support including support for macOS and Mach-O binaries, improved performance, enhanced embedded debugging & many more! Also, want to support us or buy us a coffee? See our GH sponsors: github.com/sponsors/pwndbg github.com/pwndbg/pwndbg/rel…
17 Jan 2025
Last year @stacksmashing presented the pico-sniffer, this year Thomas (infosec.exchange/@tlambertz) demonstrates a software-only attack that would make breaking Bitlocker even easier!
17 Jan 2025
Replying to @Neodyme
From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet: neodyme.io/blog/bitlocker_wh…
localo retweeted
27 Dec 2024
ND people are @ #38c3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YELL) and a not yet mitigated Bitlocker Flaw! (Saturday, 7:15 PM HUFF)
localo retweeted
21 Nov 2024
💥When security software itself becomes a target! 💥 Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector. 👉 Read more about the findings: neodyme.io/en/blog/wazuh_rce…
24 Oct 2024
Amazing work from @D_K_Dev he dumped all the devices we needed for #Pwn2Own this year and got us initial access to all of them! If you struggled on the AeoTec Smart Home Hub, make sure to check this out! 👀
24 Oct 2024
After a great #Pwn2Own with @Neodyme , I would like to share some insights I gained when working with the AeoTec Smart Home Hub. We did not manage to find any bugs in time but dumping the firmware was a great lesson. So, let’s tell you the story of how I approached this target.
23 Oct 2024
Huge shout-out to @_Staubfinger and @0x4d5aC for pulling off this beauty! 🥳 🎉 The router chain is especially nice, watch out for some nice Blogpost once the bugs are fixed over at blog.neodyme.io 👀
Our final SOHO Smashup of Day 2 ends with a partial collision. Neodyme (@Neodyme) used 4 bugs, including a stack-based buffer overflow, in their successful demonstration, but 1 bug had previously been used in the contest. They earn $21,875 and 8.75 Master of Pwn points. #Pwn2Own
22 Oct 2024
This has been my first time writing an exploit for a printer, it was quite a fun challenge! Huge thanks to @thezdi for hosting the competition and @HP for the challenge.
Confirmed! Team Neodyme (@Neodyme) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. They earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
localo retweeted
9 Jul 2024
Just had a really bad day today :( Even though I finished 1st in the national cybersec qualifiers which supposedly auto qualifies me for the finals in Turin, the authorities told us that we won't be able to go to Turin to represent Malta in the European Cybersecurity Challenge.