We decided to revisit an old research problem with some new LLM powered tooling. Check out our latest blog post to see how we approached this research, and the new Java deserialization gadget chains it discovered in just two days! www.atredis.com/blog/2026/3/12/findings-gadgets-like-its-2026
Atredis
- 13 Followers
- 0 Following
- 23 Posts
Atredis is a 100% worker-owned team of world-class security researchers and consultants. We do risk-centric, research-driven security testing and consulting. https://atredis.com
On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here https://github.com/atredispartners/proof-of-concept/tree/main/cve-2025-36632
Atredis identified a vulnerability in the way Rapid7's Nexpose was generating passwords to protect its Java KeyStore which is used to encrypt saved credentials. This vulnerability was reported to Rapid7 and a patch is being rolled out today! Check out the details here: https://github.com/atredispartners/advisories/blob/master/2026/ATREDIS-2026-0002.md
Command & Conquer'd: worming RCEs through a classic multiplayer game. Check out the full writeup from our @DistrictCon Junkyard submission here:
https://www.atredis.com/blog/2026/1/26/generals
By @drone and @jordan9001
General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contains techni
Last week, hardware. This week, firmware! Sam is back with a deep dive into his LiDAR Detector and demos a couple prototypes! https://www.atredis.com/blog/2025/12/1/designing-a-passive-lidar-detector-device-firmware
Say Cheese, Computer!
Designing a Sensor for Passive Detection of iPhone TrueDepth LiDAR
www.atredis.com/blog/2025/11/20/designing-a-passive-lidar-detection-sensor
Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie https://www.atredis.com/blog/2025/9/30/drawbot-lets-hack-something-cute
Drawbot: Let’s Hack Something Cute! — Atredis Partners
The Target A few months ago I realized I was overdue for a fun, quirky hardware project. Every so often I like to see what new and interesting electronic children's toys are out there. When looking, I keep in mind the potential attack surface, typically preferring toys with companion mobile apps, w
In case you missed it, be sure to watch Atredian Matt Burch's (@emptynebuli) #HackSpaceCon talk, Where's the Money: Defeating ATM Disk Encryption! https://buff.ly/RqUmthH
Check out our latest blog from Matt Burch (@emptynebuli) detailing new supplemental findings from his DefCon32 talk Where's the Money: Defeating ATM Disk Encryption: https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057
We recently identified a number of privilege escalation vulnerabilities in Lenovo Vantage on Windows; check out our latest blog for a technical deep dive https://www.atredis.com/blog/2025/7/7/uncovering-privilege-escalation-bugs-in-lenovo-vantage
