We secure software with deep-dive audits, cutting-edge research, and in-depth trainings. https://bsky.app/profile/neodyme.iohttps://bsky.app/profile/neodyme.io/post/3mhs7m5y2tk2bNew blog post 🚨 We're diving deeper into a privilege escalation issue (CVE-2024-476) in Lenovo Display Control Center used across Windows enterprise environments. 👉 Read the full breakdown: https://neodyme.io/en/blog/lenovo_dcc_lpe_fwupdate/24 Mar 2026 09:01 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3mhs7m5y2tk2bhttps://bsky.app/profile/neodyme.io/post/3mcf27igldc2cDrones are hot - their security is not. Here is how removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2! https://neodyme.io/de/blog/drone_hacking_part_1/14 Jan 2026 12:13 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3mcf27igldc2chttps://bsky.app/profile/neodyme.io/post/3m3usj2xo3k2nAnother amazing #Pwn2Own in the books! 💪 Our team pulled off some great hacks: 🖨️ HP Printer — $20K / 2 MoP 🏠 Home Assistant — $15K / 3 MoP 🔌 Smart Plug — $20K / 2 MoP 📸 Canon — $10K / 2 MoP Total: $65K / 9 MoP So proud of what we achieved together! 🧠⚡23 Oct 2025 16:42 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3m3usj2xo3k2nhttps://bsky.app/profile/neodyme.io/post/3m3udhaakm22nCheck out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation. ▶️ Read more: https://neodyme.io/en/blog/widevine_l3/23 Oct 2025 12:12 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3m3udhaakm22nhttps://bsky.app/profile/neodyme.io/post/3m3rwx3wpyk2nShout-out to our colleagues at #Pwn2Own in Cork: https://www.youtube.com/watch?v=e20DqdnaX5M22 Oct 2025 13:23 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3m3rwx3wpyk2nhttps://bsky.app/profile/neodyme.io/post/3m3pe3iyrls2nWhile our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer. ▶️ Read the findings and how we got there: https://neodyme.io/en/blog/pwn2own-2024_qhora/21 Oct 2025 12:40 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3m3pe3iyrls2nhttps://bsky.app/profile/neodyme.io/post/3m3fmxzvaj22pHeading to #hack_lu? 🔐 Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM. ➡️ Dive into the past to strengthen future DRM security. 🗓️ Oct 23 at 2:15pm 2025.hack.lu/agenda/ https://2025.hack.lu/agenda/17 Oct 2025 15:53 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3m3fmxzvaj22phttps://bsky.app/profile/neodyme.io/post/3m25aqk67hs2y⚡️ Lenovo DCC contained an easy-to-exploit LPE: a weak ACL bug → local privilege escalation → full admin 🖥️👨‍💻 We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: 👉 https://neodyme.io/de/blog/lenovo_dcc_lpe_logic/01 Oct 2025 14:28 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3m25aqk67hs2yhttps://bsky.app/profile/neodyme.io/post/3lyxhfuelrk2f▶️ We built a proof-of-concept post-quantum FIDO authenticator. It's phishing- AND quantum-resistant. ✅️ Bonus: it even outperforms Google's prototype. 👀 Full write-up here: https://neodyme.io/en/blog/pqc-fido/16 Sep 2025 13:46 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lyxhfuelrk2fhttps://bsky.app/profile/neodyme.io/post/3ly3xjwscic2s☀️ Teamwork doesn't just happen at the desk. This week, our crew is in Mallorca, building ideas, strengthening bonds, and enjoying some well-deserved sunshine together. 🌴 Great collaboration comes from trust, connection, and a shared good vibe ✨05 Sep 2025 15:20 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3ly3xjwscic2shttps://bsky.app/profile/neodyme.io/post/3lwbb4qlsz22cBack from @blackhatevents.bsky.social & @defcon.bsky.social! 🎉 Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd 🙌 Missed it? We offer tailored security trainings for companies too. Just reach out.13 Aug 2025 07:04 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lwbb4qlsz22chttps://bsky.app/profile/neodyme.io/post/3lurorz42sk2nWe reported a vulnerability in Parallels Client via the ZDI last year. 🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE. ➡️ Advisory here: https://neodyme.io/en/advisories/cve-2025-6812/ ☂️ Patch your systems!25 Jul 2025 09:01 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lurorz42sk2nhttps://bsky.app/profile/neodyme.io/post/3ltm3kppjvs2t🔧✨ On our company retreat this week, we're diving into hardware and protocol hacking: fingerprint sensors, smart locks, drones and Bluetooth speakers. A great mix of hands-on research, creative exploration, and team bonding over board games! 🎲10 Jul 2025 10:08 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3ltm3kppjvs2thttps://bsky.app/profile/neodyme.io/post/3lt2aeuimgs2a🎤At 4pm today at the "Festival der Zukunft", our colleagues dive into: "Black Hat, White Hat, Cyberwar - Modern Attacks and Defense" From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense. 🕵️‍♀️ Don't miss it!03 Jul 2025 07:47 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lt2aeuimgs2ahttps://bsky.app/profile/neodyme.io/post/3lsyex535bc2nThink your speech model is secure? It might be quietly leaking what it was trained on. In a new blog post, we explain membership inference attacks and why they matter for cyber security experts. 🔗 https://neodyme.io/en/blog/membership_inference/02 Jul 2025 14:03 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lsyex535bc2nhttps://bsky.app/profile/neodyme.io/post/3lsbfeomb6c2nMeet our colleagues at the "Festival der Zukunft" at Deutsches Museum in Munich. Don't miss our talk on July 3 at 4pm! Check it out here: https://www.1e9.community/festival-der-zukunft/programm/2025/black-hat-white-hat-cyberwar-the-dark-side-of-the-net23 Jun 2025 10:39 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lsbfeomb6c2nhttps://bsky.app/profile/neodyme.io/post/3lqx7syzya22y🏆 Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: https://neodyme.io/en/blog/pwn2own-2022_router_rce/06 Jun 2025 16:08 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lqx7syzya22yhttps://bsky.app/profile/neodyme.io/post/3lqaiklstpc2nPart 3 of our Riverguard series is out! We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts. Still shocked how often some of these pop up. Check it out 👉 https://neodyme.io/en/blog/riverguard_3_fuzzcases/28 May 2025 15:13 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lqaiklstpc2nhttps://bsky.app/profile/neodyme.io/post/3lq7zagau3c2nOnce again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻 A great challenge with a wide range of categories. The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.28 May 2025 10:39 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lq7zagau3c2nhttps://bsky.app/profile/neodyme.io/post/3lpqxxdumu22fAt #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️ Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution. Read the full vulnerability deep dive here 👉 https://neodyme.io/en/blog/pwn2own-2024_canon_rce/22 May 2025 11:06 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lpqxxdumu22fhttps://bsky.app/profile/neodyme.io/post/3lpe5xlvcks2iDay 2 at OffensiveCon has just started and our colleagues Kolja Grassmann and Alain Rödel are right in the middle of it! 🔥 Can't wait to hear the insights they bring back from some of the sharpest minds in offensive security. If you're there too, make sure to say hi!17 May 2025 08:49 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lpe5xlvcks2ihttps://bsky.app/profile/neodyme.io/post/3lo6ogbgxns2nFrom iframes and file reads to full RCE. 🔥 We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit. 👉 Read the full write-up here: https://neodyme.io/en/blog/html_renderer_to_rce/02 May 2025 11:03 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lo6ogbgxns2nhttps://bsky.app/profile/neodyme.io/post/3lnwsexnods2bInterested in learning about Windows exploitation? This August, join us in Las Vegas for an intensive, hands-on 4-day DEFCON training: Binary Exploitation on Windows, led by Felipe and Kolja! 🗓️ When: August 9–12, 2025 📍 Where: Las Vegas Convention Center29 Apr 2025 07:52 +0000at://did:plc:gov5lfrt3wf5dbbperqns6hq/app.bsky.feed.post/3lnwsexnods2b