
New blog post 🚨

We're diving deeper into a privilege escalation issue (CVE-2024-4762) in Lenovo Display Control Center used across Windows enterprise environments.

👉 Read the full breakdown: https://neodyme.io/en/blog/lenovo_dcc_lpe_fwupdate/

Lenovo DCC: Part 2 - Trusted IPC and a Malicious Firmware Update

The [Lenovo Display Control Center](https://support.lenovo.com/de/de/downloads/ds547223-lenovo-display-control-center-thinkcolor), commonly deployed in Windows enterprise environments, could be used for local privilege escalation. In the first part of this series, we presented two ways to gain local administrative access. In this post, we dive into IPC communication and how to exploit trusted IPC communication from a low-privileged service process to get admin privileges in a different way.

Confirmed! Neodyme AG (@neodyme) used a stack-based buffer overflow to get a root shell on the Alpine iLX-F511, earning $20,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

Confirmed! Neodyme AG (@neodyme) exploited a buffer overflow vulnerability (CWE‑120) in Round 3 to achieve privileged code execution on the Sony XAV‑9500ES, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

Drones are hot - their security is not.
Here is how we removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2!
https://neodyme.io/de/blog/drone_hacking_part_1/
Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC

Desoldering a drone's flash chip and reconstructing the firmware from broken data.

Thanks to @thezdi for hosting yet another well-run and inspiring Pwn2Own edition!
Another amazing #Pwn2Own in the books! 💪
Our team pulled off some great hacks:
🖨️ HP Printer — $20K / 2 MoP
🏠 Home Assistant — $15K / 3 MoP
🔌 Smart Plug — $20K / 2 MoP
📸 Canon — $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! 🧠⚡

Check out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation.
▶️ Read more: https://neodyme.io/en/blog/widevine_l3/
Diving into the depths of Widevine L3

This post explores various approaches to attacking Widevine L3, a DRM system commonly used by streaming services. We analyzed the Android library and instrumented it dynamically to extract the keybox before finally deobfuscating it.

🖨️ Print victory! Team @neodyme just hacked the Canon imageCLASS MF654Cdw at #Pwn2Own. They head off to the disclosure room once more to provide the details of their exploit. #P2OIreland

Confirmed! Team @neodyme used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own

Success! We had a little configuration confusion, but Team Neodyme hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFi, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own