Kolja

The countdown is on! 3⃣2⃣1⃣ On March 1st at 6 PM, the new round of the CSCG begins. Two months of fun and challenging tasks covering a wide range of cyber security topics await! 👉 Whether you're a beginner or a professional, make sure to sign up in the right category.

Confirmed! Neodyme AG (@Neodyme) used a stack based buffer overflow to get a root shell on the Alpine iLX-F511, earning $20,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

Drones are hot - their security is not. Here is how removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2! neodyme.io/de/blog/drone_…

Another amazing #Pwn2Own in the books! 💪 Our team pulled off some great hacks: 🖨️ HP Printer — $20K / 2 MoP 🏠 Home Assistant — $15K / 3 MoP 🔌 Smart Plug — $20K / 2 MoP 📸 Canon — $10K / 2 MoP Total: $65K / 9 MoP So proud of what we achieved together! 🧠⚡

🖨️ Print victory! Team @Neodyme just hacked the @CanonUSA imageCLASS MF654Cdw at #Pwn2Own. They head off to the disclosure room once more to provide the details of their exploit. #P2OIreland

Check out our new blog post on a research-driven look at software-only DRM. Explore how the Qiling emulation framework can be used to analyze Widevine and how Differential Fault Analysis (DFA) and emulation aid de-obfuscation. ▶️ Read more: neodyme.io/en/blog/widevi…

Confirmed! Team @Neodyme used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own

Success! We had a little configuration confusion, but Team Neodyme (@Neodyme) hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFI, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own

Shout-out to our colleagues at #Pwn2Own in Cork: youtube.com/watch?v=e20Dqd…

📢 Confirmed: @Neodyme used 2 bugs to exploit the Home Assistant Green, but only 1 was unique. They still earn $15,000 and 3 Master of Pwn points. #Pwn2Own

🏠 Well that was quick. @Neodyme needed only one second to demonstrate their exploit of the Home Automation Green. We know they took their time creating the exploit, but wasted no time showing it off. The head off to the disclosure room to dish the deets. #Pwn2Own

The Cyber Security Challenge Germany 2025 aftermovie is live! 🎥 Relive the highlights and the spirit of Germany's top young cybersecurity talents. ▶️ Watch now: youtu.be/D9SXZMNyk9U

While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer. ▶️ Read the findings and how we got there: neodyme.io/en/blog/pwn2ow…

Our first confirmation of #Pwn2Own Ireland is in! @Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 and 2 Master of Pwn points. #P2OIreland

Heading to @hack_lu? 🔐 Our colleague Felipe will discuss how partial emulation and DFA can be used to study a legacy version of Widevine L3, Google's software-based DRM. ➡️ Dive into the past to strengthen future DRM security. 🗓️ Oct 23 at 2:15pm 2025.hack.lu/agenda/

Congratulations to Team Germany 🇩🇪 for achieving an impressive third place 🥉 at the #ECSC2025! A fantastic performance and great spirit throughout the competition. Well done to all participants! 👏💻

It's game time at #ECSC2025! 👉 Livestream: ecsc2025.pl 👉 Live scoreboard: public.ecsc-board.pl All the best to Team Germany and every participant. We're all watching with anticipation! 🔐

Wishing the German team great success at the European Cyber Security Challenge in Warsaw (Oct 6–9)! 🚀 May your talent and teamwork shine in this exciting competition. Viel Erfolg! 🇩🇪

⚡️ Lenovo DCC contained an easy-to-exploit LPE: a weak ACL bug → local privilege escalation → full admin 🖥️👨‍💻 We break it down with reverse engineering, process tracing, & two exploit strategies. Read Part 1 of our deep dive: 👉 neodyme.io/de/blog/lenovo…

🥳 Congrats to @saarsec for winning FaustCTF 2025! Want to qualify for the German Hacking Competition? The top DACH team in these CTFs will still earn a spot: 🔹 Hack.lu 2025 (17–19 Oct) 🔹 Platypwn 2025 (15–16 Nov) 🔹 GlacierCTF 2025 (22–23 Nov)