Security Research
We like to push the boundaries of security: Our team is dedicated to continuously advancing the forefront of research in the realm of hacking. We have presented talks and papers at renowned conferences, participated in top hacking competitions such as DefCon CTF, or Pwn2Own, and have multiple team members pursuing their PhD.
- By revealing the content you are aware that third-parties may collect personal information
Pwn2Own Toronto 2022
At Pwn2Own 2022 in Toronto, we presented an attack combining three different bugs. For our successful exploit in the SOHO category, we got awarded $50k, 10 master of pwn points and -- of course -- a printer. We are happy to share our experiences in hacking in a completely remote team.
- By revealing the content you are aware that third-parties may collect personal information
SPACE Conference 2022
We compare KEMTLS (a proposal for an alternative TLS handshake protocol that avoids authentication through signatures in the TLS handshake) to TLS 1.3 in an embedded setting. Our results show that KEMTLS can reduce handshake time by up to 38%, lower peak memory consumption and can save traffic volume compared to TLS 1.3.
- By revealing the content you are aware that third-parties may collect personal information
Solana Breakpoint
In our talk 'Think Like an Attacker: Bringing Smart Contracts to Their Break(ing) Point', we provide insights into an attacker's mindset, which can guide future smart contract development. The presentation is based on our experience.
Recent Research
Stay up-to-date on our latest research
We continuously publish new research papers, CVE's, and detailed technical blogposts. Keep up to date by following our blog closely! Here's a glimpse of what we've been doing recently:
-
Paper: High-assurance zeroization https://eprint.iacr.org/2023/1713.pdf
-
Blogpost: CS:GO: From Zero to 0-day /blog/csgo_from_zero_to_0day/
-
Paper: KEMTLS vs. Post-Quantum TLS: Performance On Embedded Systems https://eprint.iacr.org/2022/1712.pdf
-
Event: Neodyme successfully participates in Pwn2Own Toronto 2022 https://www.zerodayinitiative.com/blog/2022/12/5/pwn2own-toronto-2022-the-schedule
Disclosure Policy
We take responsible disclosure seriously.
We adhere to an industry-standard 90+30 disclosure policy. This means once we notify the vendor about a security vulnerability, they have 90 days to create a patch and make it available for users. Neodyme will publicly disclose vulnerability details 30 days after the patch has been made available to users. If the vendor does not patch an issue within the initial 90 days, Neodyme reserves the right to publicize details of the vulnerability at the end of the 90-day period. However, the vendor has the option to receive an additional 14 day grace period to release a patch upon request. In such a case, Neodyme will publicize vulnerability details 120 days after the initial disclosure. This policy is inspired by the Google Project Zero disclosure policy.
Secure your business.
Take the right step today.
You like our research and would like to collaborate with us? Contact us today!