Penetration Testing

Our team of experienced pentesters with strong CTF backgrounds will approach every scenario with a true hacker mindset.

Penetration Testing
Keep your systems secure with our experienced pentesting team. Our offensive experts use state-of-the-art tools and thorough analysis to assess your systems' security. Thinking outside the box, we help you to efficiently find and remediate vulnerabilities.
- Web Application Pentesting
- Fat/Thin Client Security Testing
- Red Teaming
Contact Us
Security Assessments
For evaluating your company's security, our teams comprise experts with complementary skills ranging from reviewing source code to analysing corporate environments. We provide an extensive report detailing the vulnerabilities and recommendations to avoid these and similar issues in the future.
- Network Vulnerability Reporting
- Active Directory Assessments
- Source Code Security Reviews
Contact Us
Security Consulting
For high-level solutions custom-made for your security needs, we offer security consulting services tailored to your demands. We analyse your organization's risk profile, compile recommendations for a security architecture and develop plans on how to improve your company's IT security permanently.
- Security Concept Reviews
- EDR Product Evaluation
- Cyber Risk Assessments
Contact Us

Our Certificates

“The collaboration with Neodyme is always professional and uncomplicated. We appreciate the fast communication channels and efficient processes. The employees are competent and distinguish themselves through high creativity. Here you also think outside the box!”

Moritz Prinz

Partner at TNG Technology Consulting

Find more content
in our Blog

Our blog features posts from the world of cybersecurity, reverse engineering, research projects, solana and other blockchains, cryptography, and much more. If you're a developer, a security professional, or just an interested person, we are sure you will find something exciting to read! Here are some of our favorite posts to get you started!

CS:GO: From Zero to 0-day

We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious python CS:GO server. This post details our journey through the CS:GO binary and conducts a technical deep dive into various identified bugs. We conclude by presenting a proof of concept (POC) exploit that leverages four different logic bugs into remote code execution in the game’s client, triggered when a client connects to the server.

From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities

Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the importance of robust defenses for security systems themselves.

RCE on the HP M479fdw printer

Two years ago, Neodyme targeted the “SOHO Smashup” chain at Pwn2Own Toronto 2022, featuring a Netgear RAX30 router and an HP M479fdw printer and successfully gained remote code execution on both devices, pivoting from the router to the printer. This post covers the technical aspects of our first printer exploitation journey, resulting in reliable code execution via the printer discovery service.

MacOS: Unauthd - Logic bugs FTW

This blog post is about a MacOS LPE chain I wrote and reported back in February. It features three logic bugs to go from user to root with System Integrity Protection (SIP) bypass to kernel. Since I’m not exploiting any memory corruptions or other vulnerabilities that aren’t 100% deterministic, this chain is fully reliable which I think is cool ;). It runs on MacOS < 10.15.5

Secure your business.
Take the right step today.

You want to improve a products, or organizations security dramatically? Contact us for a consultation on a pentest!

Penetration Testing