Penetration Testing

Our team of experienced pentesters with strong CTF backgrounds will approach every scenario with a true hacker mindset.

Workcation

“The collaboration with Neodyme is always professional and uncomplicated. We appreciate the fast communication channels and efficient processes. The employees are competent and distinguish themselves through high creativity. Here you also think outside the box!”

Moritz Prinz
Partner at TNG Technology Consulting

Find more content in our Blog

Our blog features posts from the world of cybersecurity, reverse engineering, research projects, solana and other blockchains, cryptography, and much more. If you're a developer, a security professional, or just an interested person, we are sure you will find something exciting to read! Here are some of our favorite posts to get you started!

Secure Randomness: From Zero to Verifiable Delay Functions, Part 1

A secure source of randomness is one of the most critical components of many decentralized applications. However, perhaps surprisingly, there is currently no on-chain source of randomness that is truly trustless. Almost all solutions that have been used in practice are either fundamentally broken or require the participants involved to trust each other or a third party. Why is that?

In this two-part series, we’ll discuss the different attempts to construct a secure source of randomness, and why all currently known solutions have fundamental shortcomings in some aspect.

How to Become a Millionaire, 0.000001 BTC at a Time

We recently discovered a critical bug in the token-lending contract of the Solana Program Library (SPL). This blog post details our journey from discovery, through exploitation and coordinated disclosure, and finally the fix. The total TVL at risk was about 2.600.000.000 USD. Some low-value coins are not economically viable to steal, but the potential profit was easily in the hundreds of millions. The bug was fixed, and dapps updated promptly to close the vulnerability.

MacOS: Unauthd - Logic bugs FTW

This blog post is about a MacOS LPE chain I wrote and reported back in February. It features three logic bugs to go from user to root with System Integrity Protection (SIP) bypass to kernel. Since I’m not exploiting any memory corruptions or other vulnerabilities that aren’t 100% deterministic, this chain is fully reliable which I think is cool ;). It runs on MacOS < 10.15.5

Secure your business.
Take the right step today.

You want to improve a products, or organizations security dramatically? Contact us for a consultation on a pentest!