@k0lj4.bsky.social
Reposted
Think your speech model is secure?
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
Did You Train on My Voice? Exploring Privacy Risks in ASR
This post explores a recent research paper on membership inference attacks targeting Automatic Speech Recognition (ASR) models. It breaks down how subtle signals like input perturbation and model loss...
neodyme.io
July 2, 2025 at 2:03 PM
Think your speech model is secure?
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
It might be quietly leaking what it was trained on.
In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...
Reposted
🏆 Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2...
Your router might be a security nightmare: Tales from Pwn2Own Toronto 2022
Three years ago, Neodyme took aim the "SOHO Smashup" category at Pwn2Own Toronto 2022, targeting a Netgear RAX30 router and an HP M479fdw printer. We successfully gained remote code execution on both ...
neodyme.io
June 6, 2025 at 4:08 PM
🏆 Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2...
Reposted
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Pwn2Own Ireland 2024: Canon imageCLASS MF656Cdw
This blogpost starts a series about various exploits at Pwn2Own 2024 Ireland (Cork). This and the upcoming posts will detail our research methodology and journey in exploiting different devices. We st...
neodyme.io
May 22, 2025 at 11:06 AM
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...
Reposted
🔎 Digging deeper into COM hijacking!
In Part 3, we explore two new vulnerabilities:
🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion
📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive
Read more: neodyme.io/en/blog/com_...
In Part 3, we explore two new vulnerabilities:
🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion
📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive
Read more: neodyme.io/en/blog/com_...
The Key to COMpromise - Downloading a SYSTEM shell, Part 3
In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...
neodyme.io
February 12, 2025 at 3:10 PM
🔎 Digging deeper into COM hijacking!
In Part 3, we explore two new vulnerabilities:
🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion
📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive
Read more: neodyme.io/en/blog/com_...
In Part 3, we explore two new vulnerabilities:
🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion
📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive
Read more: neodyme.io/en/blog/com_...
Reposted
🪝Introducing HyperHook! 🪝
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: neodyme.io/en/blog/hype...
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: neodyme.io/en/blog/hype...
Introducing HyperHook: A harnessing framework for Nyx
In this post, we introduce HyperHook, a harnessing framework for snapshot-based fuzzing for user-space applications using Nyx. HyperHook simplifies guest-to-host communication and automates repetitive...
neodyme.io
February 5, 2025 at 3:18 PM
🪝Introducing HyperHook! 🪝
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: neodyme.io/en/blog/hype...
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: neodyme.io/en/blog/hype...
Reposted
🔎Part 2 of our COM hijacking series is live!
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
neodyme.io/en/blog/com_...
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
neodyme.io/en/blog/com_...
The Key to COMpromise - Abusing a TOCTOU race to gain SYSTEM, Part 2
In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...
neodyme.io
January 29, 2025 at 3:17 PM
🔎Part 2 of our COM hijacking series is live!
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
neodyme.io/en/blog/com_...
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
neodyme.io/en/blog/com_...
Reposted
From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet: neodyme.io/blog/bitlock...
On Secure Boot, TPMs, SBAT, and downgrades -- Why Microsoft hasn't fixed BitLocker yet
On Secure Boot, TPMs, SBAT and Downgrades -- Why Microsoft hasn't fixed BitLocker yet
neodyme.io
January 17, 2025 at 2:20 PM
From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet: neodyme.io/blog/bitlock...
Reposted
Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: neodyme.io/blog/bitlock...
Windows BitLocker -- Screwed without a Screwdriver
Breaking up-to-date Windows 11 BitLocker encryption -- on-device but software-only
neodyme.io
January 17, 2025 at 2:01 PM
Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: neodyme.io/blog/bitlock...
Reposted
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1
In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...
neodyme.io
January 15, 2025 at 3:11 PM
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
Reposted
Slides for our talk "The Key to COMpromise" (AV/EDR privilege escalation) are on GitHub.
If you want to discuss this stuff, you can find @k0lj4.bsky.social or me at the CTF area of #38c3
github.com/0x4d5a-ctf/3...
If you want to discuss this stuff, you can find @k0lj4.bsky.social or me at the CTF area of #38c3
github.com/0x4d5a-ctf/3...
GitHub - 0x4d5a-ctf/38c3_com_talk: Slides for COM Hijacking AV/EDR Talk on 38c3
Slides for COM Hijacking AV/EDR Talk on 38c3. Contribute to 0x4d5a-ctf/38c3_com_talk development by creating an account on GitHub.
github.com
December 28, 2024 at 5:32 PM
Slides for our talk "The Key to COMpromise" (AV/EDR privilege escalation) are on GitHub.
If you want to discuss this stuff, you can find @k0lj4.bsky.social or me at the CTF area of #38c3
github.com/0x4d5a-ctf/3...
If you want to discuss this stuff, you can find @k0lj4.bsky.social or me at the CTF area of #38c3
github.com/0x4d5a-ctf/3...
Reposted
ND people are @ #38C3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YELL) and a not yet mitigated Bitlocker Flaw! (Saturday, 7:15 PM HUFF)
December 27, 2024 at 5:51 PM
ND people are @ #38C3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YELL) and a not yet mitigated Bitlocker Flaw! (Saturday, 7:15 PM HUFF)
Reposted
💥When security software itself becomes a target! 💥
Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector.
👉 Read more about the findings:
neodyme.io/en/blog/wazu...
Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector.
👉 Read more about the findings:
neodyme.io/en/blog/wazu...
From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities
Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution.
This post reveals how even trusted tools can become targets, highlighting the import...
neodyme.io
November 29, 2024 at 11:11 AM
💥When security software itself becomes a target! 💥
Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector.
👉 Read more about the findings:
neodyme.io/en/blog/wazu...
Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector.
👉 Read more about the findings:
neodyme.io/en/blog/wazu...
Reposted
Just published a blog post about some critical vulnerabilities I discovered in Wazuh last year! The post covers details on how I found these vulnerabilities and highlights why security tools like EDRs can themselves become valuable targets for attackers.
#infosec
neodyme.io/en/blog/wazu...
#infosec
neodyme.io/en/blog/wazu...
From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities
Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution.
This post reveals how even trusted tools can become targets, highlighting the import...
neodyme.io
November 22, 2024 at 4:52 PM
Just published a blog post about some critical vulnerabilities I discovered in Wazuh last year! The post covers details on how I found these vulnerabilities and highlights why security tools like EDRs can themselves become valuable targets for attackers.
#infosec
neodyme.io/en/blog/wazu...
#infosec
neodyme.io/en/blog/wazu...