D_K @D_K_Dev - Twitter Profile

5 months ago

Drones are hot - their security is not. Here is how removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2! https://t.co/QzfcR2HEyC

2

20

14

6

1K

Who to follow

We secure software with deep-dive audits, cutting-edge research, and in-depth trainings. Secure your solana program with Riverguard @ https://t.co/VmxVHzx2U2 🏞️💂

r0bre | Accretion.xyz

@r0bre

solana security officer | ceo & chief solana auditor @accretion_xyz | @hackhackai | dm for audits

CSCG

@C_S_C_G

Finding Security Talents and helping them grow. Impressum / imprint: https://t.co/hfaPGc9Y44

D_K_Dev retweeted

TrendAI Zero Day Initiative

7 months ago

Another amazing #Pwn2Own in the books! 💪 Our team pulled off some great hacks: 🖨️ HP Printer — $20K / 2 MoP 🏠 Home Assistant — $15K / 3 MoP 🔌 Smart Plug — $20K / 2 MoP 📸 Canon — $10K / 2 MoP Total: $65K / 9 MoP So proud of what we achieved together! 🧠⚡

Neodyme's tweet photo. Another amazing #Pwn2Own in the books! 💪
Our team pulled off some great hacks:
🖨️ HP Printer — $20K / 2 MoP
🏠 Home Assistant — $15K / 3 MoP
🔌 Smart Plug — $20K / 2 MoP
📸 Canon — $10K / 2 MoP
Total: $65K / 9 MoP
So proud of what we achieved together! 🧠⚡ https://t.co/1YZQSWvNnI

3

24

3

2

2K

D_K_Dev retweeted

@thezdi

7 months ago

Success! We had a little configuration confusion, but Team Neodyme (@Neodyme) hopped for joy as their exploit of the Amazon Smart Plug was successful. Their attack went over Bluetooth & WiFI, so they used the RF enclosure. They head off to the disclosure room with details. #Pwn2Own

0

13

4

1

5K

D_K_Dev retweeted

Deutsche Hacking Meisterschaft @DHM_ctf

11 months ago

Would you like to participate in the German Hacking Championship next year? 💻🎉Then, your next chance to qualify is this weekend! Have fun at #enowars, an attack-defense CTF hosted by @ENOFLAG.

0

3

1

0

232

D_K_Dev retweeted

CSCG @C_S_C_G

over 1 year ago

The Cyber Security Challenge Germany 2025 has started! 🎉 The competition runs from March 1 - 18:00 CET to May 1 - 18:00 CEST. We're excited to announce that we are inviting the top 6 DACH players in the EARTH category to the @DHM_ctf! Participate now at: https://t.co/ZZLBE5Rk0Q

0

13

5

1

5K

D_K_Dev retweeted

over 1 year ago

Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊 Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: https://t.co/5ne5FBggZl

1

72

22

28

16K

D_K_Dev retweeted

over 1 year ago

ND people are @ #38c3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YELL) and a not yet mitigated Bitlocker Flaw! (Saturday, 7:15 PM HUFF)

Neodyme's tweet photo. ND people are @ #38c3 in Hamburg, Germany. Be sure to check out our two talks about LPEs in AV/EDR Products (Saturday, 4 PM YELL) and a not yet mitigated Bitlocker Flaw! (Saturday, 7:15 PM HUFF) https://t.co/lVlqx7Yvaf

1

10

4

1

1K

over 1 year ago

@_h0p5 I used the xgecu t56. I first desoldered the chip and later connected fly wires to read and write in circuit. The only downside to the dumper is the software only runs on windows. But people told me it runs via wine too, but haven't tried it.

0

4

0

158

over 1 year ago

After a great #Pwn2Own with @Neodyme , I would like to share some insights I gained when working with the AeoTec Smart Home Hub. We did not manage to find any bugs in time but dumping the firmware was a great lesson. So, let’s tell you the story of how I approached this target.

1

103

15

43

17K

D_K_Dev retweeted

over 1 year ago

Since we had used a different setup without any administrator account, our official attempt during #Pwn2Own failed. However, @thezdi provided us with a second chance to present our Lexmark exploit and it worked 🖨️🎉

Neodyme's tweet photo. Since we had used a different setup without any administrator account, our official attempt during #Pwn2Own failed. However, @thezdi provided us with a second chance to present our Lexmark exploit and it worked 🖨️🎉

2

26

2

2K

over 1 year ago

@xnyhps @bl4sty So I wanted to make a different capture and found https://t.co/JG5WEP1a7c . Setting this up via a Pi4 did the trick and it started to boot from the flash drive. Still don't know why. The flash alone did not work.

0

2

0

123

over 1 year ago

@xnyhps @bl4sty I also struggled to get it working. I recorded pcaps of the USB connection via a GreatFET to debug what happens. But they looked fine, though they stopped after the first USB packet.

1

0

128

over 1 year ago

Now I could either reflash the emmc chip or use the nice USB-Boot mode of the custom U-Boot ;), though that required pulling Boot0 Pin high and a weird USB Flash drive config.

D_K_Dev's tweet photo. Now I could either reflash the emmc chip or use the nice USB-Boot mode of the custom U-Boot ;), though that required pulling Boot0 Pin high and a weird USB Flash drive config. https://t.co/eNQzlPYLH1

2

8

0

1

996