Atredis Partners

@atredispartners.bsky.social

Atredis is a 100% worker-owned team of world-class security researchers and consultants. We do risk-centric, research-driven security testing and consulting. https://atredis.com

36 Followers  |  17 Following  |  31 Posts  |  Joined: 21.02.2025

Posts by Atredis Partners (@atredispartners.bsky.social)

proof-of-concept/cve-2025-36632 at main · atredispartners/proof-of-concept Proof of concepts and other snippets. Contribute to atredispartners/proof-of-concept development by creating an account on GitHub.

On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here github.com/atredispartn...

26.02.2026 18:43 — 👍 3    🔁 4    💬 0    📌 0

Atredis identified a vulnerability in the way Rapid7's Nexpose was generating passwords to protect its Java KeyStore which is used to encrypt saved credentials. This vulnerability was reported to Rapid7 and a patch is being rolled out today! Check out the details here: github.com/atredispartn...

09.02.2026 19:27 — 👍 0    🔁 2    💬 0    📌 0

General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners [this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We…

Command & Conquer'd: worming RCEs through a classic multiplayer game. Check out the full writeup from our @districtcon.bsky.social Junkyard submission here:
www.atredis.com/blog/2026/1/...
By @droner.bsky.social and @jordan9001.bsky.social

#Security #modding #rce

28.01.2026 15:42 — 👍 9    🔁 7    💬 0    📌 2

Last week, hardware. This week, firmware! Sam is back with a deep dive into his LiDAR Detector and demos a couple prototypes! www.atredis.com/blog/2025/12...

12.12.2025 17:59 — 👍 2    🔁 4    💬 0    📌 0

Say Cheese, Computer!

Designing a Sensor for Passive Detection of iPhone TrueDepth LiDAR

www.atredis.com/blog/2025/11/20/designing-a-passive-lidar-detection-sensor

05.12.2025 18:05 — 👍 1    🔁 3    💬 0    📌 0

Drawbot: Let’s Hack Something Cute! — Atredis Partners The Target A few months ago I realized I was overdue for a fun, quirky hardware project. Every so often I like to see what new and interesting electronic children's toys are out there. When looking,…

Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie www.atredis.com/blog/2025/9/...

13.11.2025 20:40 — 👍 3    🔁 3    💬 0    📌 0

Build Cyber

In case you missed it, be sure to watch Atredian Matt Burch's (@emptynebuli.bsky.social) #HackSpaceCon talk, Where's the Money: Defeating ATM Disk Encryption! buff.ly/RqUmthH

12.09.2025 22:02 — 👍 0    🔁 1    💬 0    📌 0

Where’s the Money - Supplemental Findings — Atredis Partners While creating the content for my DefCon 32 talk, Where’s the Money: Defeating ATM Disk Encryption, I observed two additional vulnerabilities that had been overlooked in the heat of the research.…

Check out our latest blog from Matt Burch (@emptynebuli.bsky.social) detailing new supplemental findings from his DefCon32 talk Where's the Money: Defeating ATM Disk Encryption: www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057

28.08.2025 17:31 — 👍 2    🔁 3    💬 0    📌 1

Exploiting the Tesla Wall connector from its charge port connector An interesting attack surface Over the past few years, Synacktiv has been analyzing Tesla vehicles for the Pwn2Own competition.

ICYMI, @synacktiv.com's Pwn2Own walkthrough, exploiting a Tesla Wall via the charging port is a good Friday read.

After a firmware downgrade, they found a debug shell via the access point used during setup, ultimately using this to gain EIP.

www.synacktiv.com/en/publicati...

18.07.2025 16:22 — 👍 0    🔁 1    💬 0    📌 0

Uncovering Privilege Escalation Bugs in Lenovo Vantage — Atredis Partners Atredis Partners is an advanced security services and research consulting firm.

We recently identified a number of privilege escalation vulnerabilities in Lenovo Vantage on Windows; check out our latest blog for a technical deep dive www.atredis.com/blog/2025/7/...

09.07.2025 15:57 — 👍 3    🔁 5    💬 0    📌 1

Be sure to watch Matt Burch's (@emptynebuli.bsky.social) @CypherCon.bsky.social talk, Where's the Money: Defeating ATM Disk Encryption! buff.ly/wWaSlle

27.06.2025 19:15 — 👍 2    🔁 2    💬 0    📌 1

A Peek into an In-Game Ad Client — Atredis Partners A little bit ago I re-installed the racing game Trackmania, and I noticed I got product ads displayed at me in-game alongside the racetrack. Where were those coming from?

Where do the Ads in Trackmania come from? In-game ads and reverse engineering tips in this mini-post from Jordan
www.atredis.com/blog/2025/5/...

27.05.2025 22:02 — 👍 2    🔁 3    💬 0    📌 1

Sam wanted to answer the question "can you 3D print pogo pin harnesses?" So, he ran some experiments this week to find out.

Check out the blog post and grab the models to try for yourself!

buff.ly/xWcWE5W

#pogopin #probe #3dprinting #atredis

16.05.2025 19:15 — 👍 2    🔁 0    💬 0    📌 0

In case you missed it. Don't miss @emptynebuli.bsky.social presenting at #HackSpaceCon in Cape Canaveral on May 14th! 💰 🚀

buff.ly/tRaisC8

09.05.2025 19:50 — 👍 0    🔁 1    💬 0    📌 1

BSides Buffalo 2025 Mobile app & schedule website

Don’t miss Atredian Bill Carver talking about Ransomware Readiness @bsidesbuffalo.bsky.social - Hope to see you there on June 7th!

09.05.2025 19:46 — 👍 0    🔁 2    💬 0    📌 0

Don't miss @emptynebuli.bsky.social presenting at #HackSpaceCon in Cape Canaveral on May 14th! 💰 🚀 No ticket? No Problem! 👀 We have a few extra 👀 Reply to the post and we will hook you up!

buff.ly/tRaisC8

02.05.2025 19:16 — 👍 2    🔁 1    💬 0    📌 1

Sam @bespokebugs.bsky.social wanted to answer the question "can you 3D print pogo pin harnesses?" So, he ran some experiments this week to find out.

Check out the blog post and grab the models to try for yourself!

atredis.squarespace.com/blog/2025/4/...

#pogopin #probe #3dprinting #atredis

25.04.2025 19:07 — 👍 1    🔁 4    💬 0    📌 0

Don't miss Atredian Matt Burch (@emptynebuli.bsky.social) presenting "Where's the Money: Defeating ATM Disk Encryption" at #HackSpaceCon!

buff.ly/zHBii72

14.04.2025 14:42 — 👍 2    🔁 1    💬 0    📌 1

Be sure to watch Chris's @districtcon.bsky.social talk, DaBootZone: Breaking the DA1469x Boot ROM!

buff.ly/Xw3Hhpi

07.04.2025 16:23 — 👍 3    🔁 0    💬 0    📌 0

In case you missed it, happening this week:

Catch Atredian Matt Burch's talk about ATM Hacking on April 4th @cyphercon.bsky.social
buff.ly/If1XTou

31.03.2025 15:30 — 👍 1    🔁 0    💬 0    📌 0

BSides Buffalo (@bsidesbuffalo.bsky.social) Excited to announce our latest Gold Sponsor for the 2025 conference, first-time sponsors Atredis! Atredis Partners is industry-leading, research-driven consulting, offering services in penetration…

Proud to be a sponsor of @BsidesBuffalo.bsky.social! Hope to see you there on June 7th!

28.03.2025 18:27 — 👍 1    🔁 2    💬 0    📌 0

Don't miss Atredian Matt Burch (@emptynebuli.bsky.social) on April 4th, talking about ATM Hacking on the Circle stage @cyphercon.bsky.social! cyphercon.com/portfolio/wh...

21.03.2025 14:42 — 👍 2    🔁 2    💬 0    📌 1

Node is a loader — Atredis Partners Atredis Partners is an advanced security services and research consulting firm.

In case you missed it:

@tomprogramming.bsky.social explores creating and hijacking Node.js DLLs with
@ziglang.bsky.social in the latest blog post!

buff.ly/D1s2iF3

19.03.2025 14:15 — 👍 0    🔁 0    💬 0    📌 0

Advisory Blog Series: HIPAA Security Rule Updates — Atredis Partners As you may have already heard, the HIPAA Security Rule is undergoing a much-needed update. We wanted to discuss what Covered Entities and Business Associates - now referred to as “Regulated Entities”…

In case you missed it:

Want to learn more about the upcoming changes to the HIPAA Security Rule?

Our Risk and Advisory team gives a rundown of the proposed changes here:

17.03.2025 19:30 — 👍 1    🔁 0    💬 1    📌 0

This is why we started this company in the first place, and it always feels soooo good to hear it from folks.

Thank you for making our day @cyberdude83.bsky.social.🥲

17.03.2025 19:21 — 👍 1    🔁 0    💬 0    📌 0

advisories/ATREDIS-2025-0001.md at master · atredispartners/advisories Atredis Partners Security Advisories. Contribute to atredispartners/advisories development by creating an account on GitHub.

We recently discovered a local privilege escalation in Kolide; it impacts Kolide >= 1.5.3, < 1.12.3 on Windows machines. Check out our full disclosure here

14.03.2025 19:48 — 👍 2    🔁 5    💬 0    📌 0

Node is a loader — Atredis Partners Atredis Partners is an advanced security services and research consulting firm.

@tomprogramming.bsky.social explores creating and hijacking Node.js DLLs with
@ziglang.bsky.social in the latest blog post!

buff.ly/D1s2iF3

11.03.2025 16:23 — 👍 0    🔁 2    💬 0    📌 0

Atredis Partners (@atredispartners.bsky.social) Catch Chris' talk DaBootZone: Breaking the DA1469x BootROM @districtcon.bsky.social ! Stream: https://buff.ly/4bcOsmj Slides: https://buff.ly/4gT3bDW Info: https://buff.ly/4gT3dM4

In case you missed it:

28.02.2025 23:02 — 👍 1    🔁 0    💬 0    📌 0

Catch Atredian Matt Burch's talk about ATM Hacking on April 4th @cyphercon.bsky.social
buff.ly/If1XTou

28.02.2025 19:26 — 👍 2    🔁 2    💬 0    📌 0

dabootzone_districtcon.pdf

Catch Chris' talk DaBootZone: Breaking the DA1469x BootROM @districtcon.bsky.social !

Stream: https://buff.ly/4bcOsmj
Slides: https://buff.ly/4gT3bDW
Info: https://buff.ly/4gT3dM4

21.02.2025 19:45 — 👍 4    🔁 5    💬 0    📌 0