0x4d5a

83 posts


@0x4d5aC

CTF Player at @ALLESctf and @Sauercl0ud! Security Researcher @Neodyme. Mostly RE, pwn and Windows internals

Joined August 2019
293 Following, 630 Followers
0x4d5a (@0x4d5aC):
@mr_phrazer Nice, I'm testing it out right now. Do you plan to add remote support for Ghidra servers? From my experience it's quite a hassle to export the Ghidra project after each run and pull it from the restricted environment
0x4d5a retweeted
CSCG (@C_S_C_G):
CSCG 2026 is live (until 01.05.)! 🥳 Jump in, solve challenges, learn something new, and climb the scoreboard. This year CSCG also serves as the OpenECSC for ECSC 2026 Germany. @ECSC_openECSC play.cscg.live
0x4d5a retweeted
Neodyme (@Neodyme):
Drones are hot - their security is not. Here is how we removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2! neodyme.io/de/blog/drone_…
0x4d5a (@0x4d5aC):
@f00fc7c800 DM'ed. Didn't look into my DMs for a while, sorry
f00fc7c800 (@f00fc7c800):
@0x4d5aC Any chance you could check your DM anyways? I would like to talk about a partnership opportunity for a cyber CTF competition I organise. Thank you :)
0x4d5a (@0x4d5aC):
@clearbluejar That looks pretty nice! Any ETA on the release for us to play around with this?
clearbluejar (@clearbluejar):
📢 Incoming release: pyghidra‑mcp 🛠️ Meet your new RE best friend. Harness frontier models or a local gpt-oss-20b llm brain to power Ghidra multi‑binary, project‑wide analysis. You’ll be slicing through code like butter 🧈😆 ETA: imminent. Keep your shells warm 🔥🐙⚡🐉
0x4d5a retweeted
Neodyme (@Neodyme):
@GMX_IO V1 has been hacked. Here is how:
[Attached image]
0x4d5a retweeted
Neodyme (@Neodyme):
Day 2 at @offensive_con has just started and our colleagues Kolja Grassmann and Alain Rödel are right in the middle of it! 🔥 Can't wait to hear the insights they bring back from some of the sharpest minds in offensive security. If you're there too, make sure to say hi!
0x4d5a retweeted
CSCG (@C_S_C_G):
The Cyber Security Challenge Germany 2025 has started! 🎉 The competition runs from March 1 - 18:00 CET to May 1 - 18:00 CEST. We're excited to announce that we are inviting the top 6 DACH players in the EARTH category to the @DHM_ctf! Participate now at: play.cscg.live
0x4d5a retweeted
Neodyme (@Neodyme):
Wrapping up our COM hijacking series! 🎉 In the final part, we discuss a custom IPC protocol, use a registry write to gain SYSTEM privileges, and explore Denial of Service attacks on security products. 💥💻 Don't miss it! neodyme.io/en/blog/com_hi…
0x4d5a retweeted
Neodyme (@Neodyme):
🔎Digging deeper into COM hijacking! In Part 3, we explore two new vulnerabilities: 🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion 📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive Read more: neodyme.io/en/blog/com_hi…
0x4d5a retweeted
Neodyme (@Neodyme):
🪝Introducing HyperHook! 🪝 A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️ HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient! 🔗 Read more: neodyme.io/en/blog/hyperh…
0x4d5a retweeted
Neodyme (@Neodyme):
🔎Part 2 of our COM hijacking series is live! This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻 neodyme.io/en/blog/com_hi…
0x4d5a retweeted
Neodyme (@Neodyme):
Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: neodyme.io/blog/bitlocker…
0x4d5a (@0x4d5aC):
Intro blogpost with details of the TrendMicro LPE vulnerability (Named Pipe Replay) just went live!
Neodyme (@Neodyme):
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊 Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hijac…

0x4d5a (@0x4d5aC):
Slides for our talk "The Key to COMpromise" (AV/EDR privilege escalation) are on GitHub. If you want to discuss this stuff, you can find @__k0lja or me at the CTF area of 38C3 github.com/0x4d5a-ctf/38c…
0x4d5a retweeted
Neodyme (@Neodyme):
Ever feel like Solana’s consensus isn’t clearly explained? We did too — so we dove deep and broke it all down for you. With code-references for the glass-eaters!
[Attached image]
0x4d5a retweeted
Neodyme (@Neodyme):
💥When security software itself becomes a target! 💥 Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector. 👉 Read more about the findings: neodyme.io/en/blog/wazuh_…