Neodyme
@neodyme.io
We secure software with deep-dive audits, cutting-edge research, and in-depth trainings.
Another amazing #Pwn2Own in the books! 💪
Our team pulled off some great hacks:
🖨️ HP Printer — $20K / 2 MoP
🏠 Home Assistant — $15K / 3 MoP
🔌 Smart Plug — $20K / 2 MoP
📸 Canon — $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! 🧠⚡
Our team pulled off some great hacks:
🖨️ HP Printer — $20K / 2 MoP
🏠 Home Assistant — $15K / 3 MoP
🔌 Smart Plug — $20K / 2 MoP
📸 Canon — $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! 🧠⚡
October 23, 2025 at 4:42 PM
Another amazing #Pwn2Own in the books! 💪
Our team pulled off some great hacks:
🖨️ HP Printer — $20K / 2 MoP
🏠 Home Assistant — $15K / 3 MoP
🔌 Smart Plug — $20K / 2 MoP
📸 Canon — $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! 🧠⚡
Our team pulled off some great hacks:
🖨️ HP Printer — $20K / 2 MoP
🏠 Home Assistant — $15K / 3 MoP
🔌 Smart Plug — $20K / 2 MoP
📸 Canon — $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! 🧠⚡
Reposted by Neodyme
Verified! Team @neodyme.io used a single integer overflow to exploit the Canon imageCLASS MF654Cdw. Their unique bugs earns them $10,000 for the 8th round win and 2 Master of Pwn points. #Pwn2Own
October 23, 2025 at 1:56 PM
Verified! Team @neodyme.io used a single integer overflow to exploit the Canon imageCLASS MF654Cdw. Their unique bugs earns them $10,000 for the 8th round win and 2 Master of Pwn points. #Pwn2Own
Check out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation.
▶️ Read more: neodyme.io/en/blog/wide...
▶️ Read more: neodyme.io/en/blog/wide...
Diving into the depths of Widevine L3
This post explores various approaches to attacking Widevine L3, a DRM system commonly used by streaming services. We analyzed the Android library and instrumented it dynamically to extract the keybox ...
neodyme.io
October 23, 2025 at 12:12 PM
Check out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation.
▶️ Read more: neodyme.io/en/blog/wide...
▶️ Read more: neodyme.io/en/blog/wide...
Reposted by Neodyme
🖨️ Print victory! Team @neodyme.io just hacked the Canon imageCLASS MF654Cdw at #Pwn2Own. They head off to the disclosure room once more to provide the details of their exploit. #P2OIreland
October 23, 2025 at 11:36 AM
🖨️ Print victory! Team @neodyme.io just hacked the Canon imageCLASS MF654Cdw at #Pwn2Own. They head off to the disclosure room once more to provide the details of their exploit. #P2OIreland
Reposted by Neodyme
Confirmed! Team @neodyme.io used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:15 PM
Confirmed! Team @neodyme.io used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own
Reposted by Neodyme
Success! We had a little configuration confusion, but Team Neodyme hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFI, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own
October 22, 2025 at 2:45 PM
Success! We had a little configuration confusion, but Team Neodyme hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFI, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own
Shout-out to our colleagues at #Pwn2Own in Cork: www.youtube.com/watch?v=e20D...
From Pwn2Own Ireland 2025: NEODYME VS HP
YouTube video by Trend Zero Day Initiative
www.youtube.com
October 22, 2025 at 1:23 PM
Shout-out to our colleagues at #Pwn2Own in Cork: www.youtube.com/watch?v=e20D...
Reposted by Neodyme
📢 Confirmed: Team Neodyme used 2 bugs to exploit the Home Assistant Green, but only 1 was unique. They still earn $15,000 and 3 Master of Pwn points. #Pwn2Own
October 22, 2025 at 12:21 PM
📢 Confirmed: Team Neodyme used 2 bugs to exploit the Home Assistant Green, but only 1 was unique. They still earn $15,000 and 3 Master of Pwn points. #Pwn2Own
Reposted by Neodyme
🏠 Well that was quick. Team Neodyme needed only one second to demonstrate their exploit of the Home Automation Green. We know they took their time creating the exploit, but wasted no time showing it off. The head off to the disclosure room to dish the deets. #Pwn2Own
October 22, 2025 at 10:46 AM
🏠 Well that was quick. Team Neodyme needed only one second to demonstrate their exploit of the Home Automation Green. We know they took their time creating the exploit, but wasted no time showing it off. The head off to the disclosure room to dish the deets. #Pwn2Own
While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer.
▶️ Read the findings and how we got there: neodyme.io/en/blog/pwn2...
▶️ Read the findings and how we got there: neodyme.io/en/blog/pwn2...
Pwn2Own Ireland 2024: QNAP Qhora-322
In 2024, we competed as team Neodyme in the Pwn2Own Ireland contest, targeting the "SOHO Smashup" category and all available printers. For our entry, we focused on the QNAP QHora-322 router, successfu...
neodyme.io
October 21, 2025 at 12:41 PM
While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer.
▶️ Read the findings and how we got there: neodyme.io/en/blog/pwn2...
▶️ Read the findings and how we got there: neodyme.io/en/blog/pwn2...
Reposted by Neodyme
Our first confirmation of #Pwn2Own Ireland is in! Team Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 and 2 Master of Pwn points. #P2OIreland
October 21, 2025 at 9:21 AM
Our first confirmation of #Pwn2Own Ireland is in! Team Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 and 2 Master of Pwn points. #P2OIreland
Heading to #hack_lu? 🔐
Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM.
➡️ Dive into the past to strengthen future DRM security.
🗓️ Oct 23 at 2:15pm
2025.hack.lu/agenda/
Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM.
➡️ Dive into the past to strengthen future DRM security.
🗓️ Oct 23 at 2:15pm
2025.hack.lu/agenda/
Agenda
Agenda - Hack.lu and CTI summit 2025
2025.hack.lu
October 17, 2025 at 3:53 PM
Heading to #hack_lu? 🔐
Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM.
➡️ Dive into the past to strengthen future DRM security.
🗓️ Oct 23 at 2:15pm
2025.hack.lu/agenda/
Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM.
➡️ Dive into the past to strengthen future DRM security.
🗓️ Oct 23 at 2:15pm
2025.hack.lu/agenda/
⚡️ Lenovo DCC contained an easy-to-exploit LPE: a weak ACL bug → local privilege escalation → full admin 🖥️👨💻
We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: 👉 neodyme.io/de/blog/leno...
We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: 👉 neodyme.io/de/blog/leno...
Lenovo DCC: Part 1 - A simple ACL Exploit
The Lenovo Display Control Center (DCC), widely deployed in Windows enterprise environments, contained a critical local privilege escalation vulnerability enabling unauthorized elevation to administra...
neodyme.io
October 1, 2025 at 2:28 PM
⚡️ Lenovo DCC contained an easy-to-exploit LPE: a weak ACL bug → local privilege escalation → full admin 🖥️👨💻
We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: 👉 neodyme.io/de/blog/leno...
We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: 👉 neodyme.io/de/blog/leno...
▶️ We built a proof-of-concept post-quantum FIDO authenticator. It's phishing- AND quantum-resistant.
✅️ Bonus: it even outperforms Google's prototype. 👀
Full write-up here: neodyme.io/en/blog/pqc-...
✅️ Bonus: it even outperforms Google's prototype. 👀
Full write-up here: neodyme.io/en/blog/pqc-...
Building Our Own Post-Quantum FIDO Token
We have built our own FIDO2 token based on post-quantum crypto. Here is how.
neodyme.io
September 16, 2025 at 1:46 PM
▶️ We built a proof-of-concept post-quantum FIDO authenticator. It's phishing- AND quantum-resistant.
✅️ Bonus: it even outperforms Google's prototype. 👀
Full write-up here: neodyme.io/en/blog/pqc-...
✅️ Bonus: it even outperforms Google's prototype. 👀
Full write-up here: neodyme.io/en/blog/pqc-...
☀️ Teamwork doesn't just happen at the desk. This week, our crew is in Mallorca, building ideas, strengthening bonds, and enjoying some well-deserved sunshine together. 🌴
Great collaboration comes from trust, connection, and a shared good vibe ✨
Great collaboration comes from trust, connection, and a shared good vibe ✨
September 5, 2025 at 3:20 PM
☀️ Teamwork doesn't just happen at the desk. This week, our crew is in Mallorca, building ideas, strengthening bonds, and enjoying some well-deserved sunshine together. 🌴
Great collaboration comes from trust, connection, and a shared good vibe ✨
Great collaboration comes from trust, connection, and a shared good vibe ✨
Back from @blackhatevents.bsky.social & @defcon.bsky.social! 🎉
Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd 🙌
Missed it? We offer tailored security trainings for companies too. Just reach out.
Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd 🙌
Missed it? We offer tailored security trainings for companies too. Just reach out.
August 13, 2025 at 7:04 AM
Back from @blackhatevents.bsky.social & @defcon.bsky.social! 🎉
Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd 🙌
Missed it? We offer tailored security trainings for companies too. Just reach out.
Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd 🙌
Missed it? We offer tailored security trainings for companies too. Just reach out.
We reported a vulnerability in Parallels Client via the ZDI last year.
🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE.
➡️ Advisory here: neodyme.io/en/advisorie...
☂️ Patch your systems!
🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE.
➡️ Advisory here: neodyme.io/en/advisorie...
☂️ Patch your systems!
CVE-2025-6812 ‒ Parallels Client Local Privilege Escalation Vulnerability
The AppServer service installed with Parallel Client searches for an OpenSSL config file in an unsecured location, which allowed low privileged users to escalate their privileges.
neodyme.io
July 25, 2025 at 9:01 AM
We reported a vulnerability in Parallels Client via the ZDI last year.
🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE.
➡️ Advisory here: neodyme.io/en/advisorie...
☂️ Patch your systems!
🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE.
➡️ Advisory here: neodyme.io/en/advisorie...
☂️ Patch your systems!
🔧✨ On our company retreat this week, we're diving into hardware and protocol hacking: fingerprint sensors, smart locks, drones and Bluetooth speakers. A great mix of hands-on research, creative exploration, and team bonding over board games! 🎲
July 10, 2025 at 10:08 AM
🔧✨ On our company retreat this week, we're diving into hardware and protocol hacking: fingerprint sensors, smart locks, drones and Bluetooth speakers. A great mix of hands-on research, creative exploration, and team bonding over board games! 🎲
🎤At 4pm today at the "Festival der Zukunft", our colleagues dive into:
"Black Hat, White Hat, Cyberwar - Modern Attacks and Defense"
From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense.
🕵️♀️ Don't miss it!
"Black Hat, White Hat, Cyberwar - Modern Attacks and Defense"
From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense.
🕵️♀️ Don't miss it!
July 3, 2025 at 7:47 AM
🎤At 4pm today at the "Festival der Zukunft", our colleagues dive into:
"Black Hat, White Hat, Cyberwar - Modern Attacks and Defense"
From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense.
🕵️♀️ Don't miss it!
"Black Hat, White Hat, Cyberwar - Modern Attacks and Defense"
From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense.
🕵️♀️ Don't miss it!
Think your speech model is secure?
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
Did You Train on My Voice? Exploring Privacy Risks in ASR
This post explores a recent research paper on membership inference attacks targeting Automatic Speech Recognition (ASR) models. It breaks down how subtle signals like input perturbation and model loss...
neodyme.io
July 2, 2025 at 2:03 PM
Think your speech model is secure?
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
Meet our colleagues at the "Festival der Zukunft" at Deutsches Museum in Munich. Don't miss our talk on July 3 at 4pm!
Check it out here: www.1e9.community/festival-der...
Check it out here: www.1e9.community/festival-der...
June 23, 2025 at 10:40 AM
Meet our colleagues at the "Festival der Zukunft" at Deutsches Museum in Munich. Don't miss our talk on July 3 at 4pm!
Check it out here: www.1e9.community/festival-der...
Check it out here: www.1e9.community/festival-der...
🏆 Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2...
Your router might be a security nightmare: Tales from Pwn2Own Toronto 2022
Three years ago, Neodyme took aim the "SOHO Smashup" category at Pwn2Own Toronto 2022, targeting a Netgear RAX30 router and an HP M479fdw printer. We successfully gained remote code execution on both ...
neodyme.io
June 6, 2025 at 4:08 PM
🏆 Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2...
Part 3 of our Riverguard series is out!
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out 👉 neodyme.io/en/blog/rive...
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out 👉 neodyme.io/en/blog/rive...
Riverguard: Mutation Rules for Finding Vulnerabilities
Riverguard, the first line of defense for all Solana contracts
neodyme.io
May 28, 2025 at 3:13 PM
Part 3 of our Riverguard series is out!
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out 👉 neodyme.io/en/blog/rive...
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out 👉 neodyme.io/en/blog/rive...
Once again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻
A great challenge with a wide range of categories.
The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.
A great challenge with a wide range of categories.
The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.
May 28, 2025 at 10:39 AM
Once again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻
A great challenge with a wide range of categories.
The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.
A great challenge with a wide range of categories.
The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Pwn2Own Ireland 2024: Canon imageCLASS MF656Cdw
This blogpost starts a series about various exploits at Pwn2Own 2024 Ireland (Cork). This and the upcoming posts will detail our research methodology and journey in exploiting different devices. We st...
neodyme.io
May 22, 2025 at 11:06 AM
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...