Drones are hot - their security is not.
Here is how removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2!
neodyme.io/de/blog/dron...
Thanks to @thezdi.bsky.social for hosting yet another well-run and inspiring Pwn2Own edition!
Another amazing #Pwn2Own in the books! πͺ
Our team pulled off some great hacks:
π¨οΈ HP Printer β $20K / 2 MoP
π Home Assistant β $15K / 3 MoP
π Smart Plug β $20K / 2 MoP
πΈ Canon β $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! π§ β‘
Verified! Team @neodyme.io used a single integer overflow to exploit the Canon imageCLASS MF654Cdw. Their unique bugs earns them $10,000 for the 8th round win and 2 Master of Pwn points. #Pwn2Own
Check out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation.
βΆοΈ Read more: neodyme.io/en/blog/wide...
π¨οΈ Print victory! Team @neodyme.io just hacked the Canon imageCLASS MF654Cdw at #Pwn2Own. They head off to the disclosure room once more to provide the details of their exploit. #P2OIreland
Confirmed! Team @neodyme.io used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own
Success! We had a little configuration confusion, but Team Neodyme hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFI, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own
Shout-out to our colleagues at #Pwn2Own in Cork: www.youtube.com/watch?v=e20D...
π’ Confirmed: Team Neodyme used 2 bugs to exploit the Home Assistant Green, but only 1 was unique. They still earn $15,000 and 3 Master of Pwn points. #Pwn2Own
π Well that was quick. Team Neodyme needed only one second to demonstrate their exploit of the Home Automation Green. We know they took their time creating the exploit, but wasted no time showing it off. The head off to the disclosure room to dish the deets. #Pwn2Own
While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer.
βΆοΈ Read the findings and how we got there: neodyme.io/en/blog/pwn2...
Our first confirmation of #Pwn2Own Ireland is in! Team Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 and 2 Master of Pwn points. #P2OIreland
Heading to #hack_lu? π
Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM.
β‘οΈ Dive into the past to strengthen future DRM security.
ποΈ Oct 23 at 2:15pm
2025.hack.lu/agenda/
β‘οΈ Lenovo DCC contained an easy-to-exploit LPE: a weak ACL bug β local privilege escalation β full admin π₯οΈπ¨βπ»
We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: π neodyme.io/de/blog/leno...
βΆοΈ We built a proof-of-concept post-quantum FIDO authenticator. It's phishing- AND quantum-resistant.
β
οΈ Bonus: it even outperforms Google's prototype. π
Full write-up here: neodyme.io/en/blog/pqc-...
βοΈ Teamwork doesn't just happen at the desk. This week, our crew is in Mallorca, building ideas, strengthening bonds, and enjoying some well-deserved sunshine together. π΄
Great collaboration comes from trust, connection, and a shared good vibe β¨
Back from @blackhatevents.bsky.social & @defcon.bsky.social! π
Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd π
Missed it? We offer tailored security trainings for companies too. Just reach out.
We reported a vulnerability in Parallels Client via the ZDI last year.
π₯ The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE.
β‘οΈ Advisory here: neodyme.io/en/advisorie...
βοΈ Patch your systems!
π§β¨ On our company retreat this week, we're diving into hardware and protocol hacking: fingerprint sensors, smart locks, drones and Bluetooth speakers. A great mix of hands-on research, creative exploration, and team bonding over board games! π²
π€At 4pm today at the "Festival der Zukunft", our colleagues dive into:
"Black Hat, White Hat, Cyberwar - Modern Attacks and Defense"
From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense.
π΅οΈββοΈ Don't miss it!
Think your speech model is secure?
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
π neodyme.io/en/blog/memb...
Meet our colleagues at the "Festival der Zukunft" at Deutsches Museum in Munich. Don't miss our talk on July 3 at 4pm!
Check it out here: www.1e9.community/festival-der...
π Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2...
Part 3 of our Riverguard series is out!
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out π neodyme.io/en/blog/rive...
Once again this year, a few colleagues couldnβt resist jumping into the HTB CTF to take on experts from around the world. π»
A great challenge with a wide range of categories.
The result: 1st place in π©πͺ and top 3 in πͺπΊ.
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. π¨οΈ
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here π neodyme.io/en/blog/pwn2...
Day 2 at OffensiveCon has just started and our colleagues Kolja Grassmann and Alain RΓΆdel are right in the middle of it! π₯
Can't wait to hear the insights they bring back from some of the sharpest minds in offensive security. If you're there too, make sure to say hi!
From iframes and file reads to full RCE. π₯
We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.
π Read the full write-up here: neodyme.io/en/blog/html...
