Drift Protocol on Solana just got drained. It's looking like a multisig member compromise -- and the story starts at least a 20 days before the attack. Here's the breakdown:
Drones are hot - their security is not.
Here is how removed the NAND, dumped firmware, and reverse-engineered ECC on a consumer drone. Stay tuned for part 2!
https://t.co/QzfcR2HEyC
I'm giving a talk at @SolanaConf on an interesting side-project we did at @Neodyme.
Every smart contract uses PDAs, but there has never been a materialized view of which program derives which PDA from which seeds.
So we decided to build it.
Stay tuned 👀
Ever ask yourself which protocol is actually the richest on Solana?* Spoiler: DeFiLlama got it wrong.
We’re breaking the real numbers open at @SolanaConf.
📆 Dec 12, 17:10
📍 Lock-in Stage
*by controlled tokens via PDAs
Part 3 of our Riverguard series is out!
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out 👉 https://t.co/5WkvxEz0oU
Once again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻
A great challenge with a wide range of categories.
The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.
🪝Introducing HyperHook! 🪝
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: https://t.co/3p9aL51bsP
Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: https://t.co/8Wbrhqi0iG
Ever feel like Solana’s consensus isn’t clearly explained? We did too — so we dove deep and broke it all down for you. With code-references for the glass-eaters!
💥When security software itself becomes a target! 💥
Learn how we've uncovered critical vulnerabilities in Wazuh, turning a powerful security tool into an unexpected attack vector.
👉 Read more about the findings: https://t.co/aqWvibltbA
Nice! Team Neodyme (@Neodyme) wasted no time exploiting the HP Color LaserJet Pro MFP 3301fdw printer. They head off to the disclosure room to provide the details. #Pwn2Own#P2OIreland
We have a very talented team working on things other than smart contracts and Blockchains btw, in case anyone wants their infrastructure audited
https://t.co/L8UxGzsWxH
Looking to bulletproof your @Solana smart contracts? 👀
Dive into our latest blog post where we walk you through the easy steps to onboard with our automated vulnerability scanner Riverguard and secure your projects!
Link in replies⬇️