
@k0lj4.bsky.social

15 Followers  |  145 Following  |  1 Posts  |  Joined: 14.11.2024  |  1.6872

Latest posts by k0lj4.bsky.social on Bluesky

Did You Train on My Voice? Exploring Privacy Risks in ASR This post explores a recent research paper on membership inference attacks targeting Automatic Speech Recognition (ASR) models. It breaks down how subtle signals like input perturbation and model loss...

Think your speech model is secure?
It might be quietly leaking what it was trained on.

In a new blog post, we explain membership inference attacks and why they matter for cyber security experts.
🔗 neodyme.io/en/blog/memb...

02.07.2025 14:03 — 👍 3    🔁 2    💬 0    📌 0
Your router might be a security nightmare: Tales from Pwn2Own Toronto 2022 Three years ago, Neodyme took aim at the "SOHO Smashup" category at Pwn2Own Toronto 2022, targeting a Netgear RAX30 router and an HP M479fdw printer. We successfully gained remote code execution on both ...

πŸ† Throwback to #Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2...

06.06.2025 16:08 — 👍 4    🔁 1    💬 0    📌 0
Pwn2Own Ireland 2024: Canon imageCLASS MF656Cdw This blogpost starts a series about various exploits at Pwn2Own 2024 Ireland (Cork). This and the upcoming posts will detail our research methodology and journey in exploiting different devices. We st...

At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution.
Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2...

22.05.2025 11:06 — 👍 3    🔁 2    💬 0    📌 0
The Key to COMpromise - Downloading a SYSTEM shell, Part 3 In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...

🔎 Digging deeper into COM hijacking!
In Part 3, we explore two new vulnerabilities:
🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion
📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive

Read more: neodyme.io/en/blog/com_...

12.02.2025 15:10 — 👍 1    🔁 1    💬 0    📌 0
Introducing HyperHook: A harnessing framework for Nyx In this post, we introduce HyperHook, a harnessing framework for snapshot-based fuzzing for user-space applications using Nyx. HyperHook simplifies guest-to-host communication and automates repetitive...

πŸͺIntroducing HyperHook! πŸͺ
A harnessing framework for snapshot-based #fuzzing using Nyx. βš’οΈ
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
πŸ”— Read more: neodyme.io/en/blog/hype...

05.02.2025 15:18 — 👍 3    🔁 3    💬 0    📌 0
The Key to COMpromise - Abusing a TOCTOU race to gain SYSTEM, Part 2 In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...

🔎Part 2 of our COM hijacking series is live!
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
neodyme.io/en/blog/com_...

29.01.2025 15:17 — 👍 5    🔁 2    💬 0    📌 0
On Secure Boot, TPMs, SBAT, and downgrades -- Why Microsoft hasn't fixed BitLocker yet

From startups to large companies, we've seen this setup used by many corporate clients in the wild. Here's why this is so difficult to fix and Microsoft has not changed the exploitable default settings yet: neodyme.io/blog/bitlock...

17.01.2025 14:20 — 👍 3    🔁 2    💬 0    📌 0
Windows BitLocker -- Screwed without a Screwdriver Breaking up-to-date Windows 11 BitLocker encryption -- on-device but software-only

Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: neodyme.io/blog/bitlock...

17.01.2025 14:00 — 👍 4    🔁 2    💬 1    📌 1
The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1 In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...

Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...

15.01.2025 15:11 — 👍 5    🔁 5    💬 0    📌 0
Ghost in the PPL Part 1: BYOVDLL In this series of blog posts, I will explore yet another avenue for bypassing LSA Protection in Userland. I will also detail the biggest challenges I faced while developing a proof-of-concept, and dis...

I agree this will just make it a bit harder, but is by no means a proper fix for the underlying issue. There are probably different ways to inject code and I think vulnerable signed DLLs (itm4n.github.io/ghost-in-the...) might also be an option but I have not looked into it further.

29.12.2024 09:31 — 👍 1    🔁 0    💬 0    📌 0
GitHub - 0x4d5a-ctf/38c3_com_talk: Slides for COM Hijacking AV/EDR Talk on 38c3 Slides for COM Hijacking AV/EDR Talk on 38c3. Contribute to 0x4d5a-ctf/38c3_com_talk development by creating an account on GitHub.

Slides for our talk "The Key to COMpromise" (AV/EDR privilege escalation) are on GitHub.

If you want to discuss this stuff, you can find @k0lj4.bsky.social or me at the CTF area of #38c3

github.com/0x4d5a-ctf/3...

28.12.2024 17:32 — 👍 6    🔁 4    💬 0    📌 0

ND people are @ #38C3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YELL) and a not yet mitigated Bitlocker Flaw! (Saturday, 7:15 PM HUFF)

27.12.2024 17:51 — 👍 2    🔁 3    💬 1    📌 1
From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the import...

💥When security software itself becomes a target! 💥
Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector.
👉 Read more about the findings:
neodyme.io/en/blog/wazu...

29.11.2024 11:11 — 👍 2    🔁 2    💬 0    📌 0
From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the import...

Just published a blog post about some critical vulnerabilities I discovered in Wazuh last year! The post covers details on how I found these vulnerabilities and highlights why security tools like EDRs can themselves become valuable targets for attackers.
#infosec

neodyme.io/en/blog/wazu...

22.11.2024 16:52 — 👍 8    🔁 3    💬 0    📌 0
