Matthias Deeg
@matthiasdeeg
Interested in IT and likes to see whether security assumptions in soft-, firm-, or hardware hold true when taking a closer look. 📚author // http://books.deeg.xyz
Colleague of mine just released a cool tool to make #EMBA installations a breeze. It will setup a clean #Kali VM (qemu/VirtualBox) and installs everything. It even setups an easy CLI access to start analyzing right away. @securefirmware github.com/SySS-Research/…
COROS has confirmed a substantial set of security vulnerabilities, impacting not just the watch, but COROS online account as well. These were initially spotted by security researcher @moritz_abrell and I've confirmed they impact all devices. Full details: dcrainmaker.com/2025/06/coros-…
Two blog articles about fault injection vulnerabilities of the nRF54L15 and the stm32l051 released: blog.syss.com/posts/voltage-… blog.syss.com/posts/nrf54-em… Check them out!
A new tech blog article by my colleague @BartimaeusvUruk about an electromagnetic fault injection attack against an nRF54L15 by Nordic Semiconductor is now also online. If you want to know more about EMFI or the security issue SYSS-2025-022 have a look: blog.syss.com/posts/nrf54-em…
Today we published the blog post about the BLE analysis of a COROS PACE3 sports watch: blog.syss.com/posts/bluetoot… #CVE #Vulnerability #BLE #COROS
I'm looking forward to attending No Hat Con for the first time this October and also visiting the beautiful city of Bergamo. Thank you for the invitation and for giving me the opportunity to present my research.
<CFP Update> Our first speaker is @matthiasdeeg with "Your Security Update is Not Secure Enough - Hacking Portable Storage Devices Again'. Welcome on board!
Check out the discovery and analysis of CVE-2025-33073 by my colleagues. A vulnerability with real-world impact. blog.syss.com/posts/kerberos…
As announced yesterday, the blog article by my colleagues Stefan Walter and Daniel Isern with further technical details concerning the Windows SMB security vulnerability CVE-2025-33073 is now published. blog.syss.com/posts/kerberos…
Finally! A solid automotive Ethernet adapter that is build with Linux in mind. No weird drivers and tools required. crowdsupply.com/dissecto/hydra… Thanks @we155_n & @epozzobon
#findus 1.11.0 released: - Added a function to generate two fully configurable pulses with the crowbar stage (arm_double) - This could be used to double-glitch a target - configuration is similar as for the multiplexing method github.com/MKesenheimer/f…
My crosshairs for Windows was updated today. github.com/mdeeg/Fadenkre…
I've also published a new SySS PoC Video demonstrating a voltage glitching attack using the open-source tool chain consisting of the glitching device Pico Glitcher and the fault-injection library findus, both developed by my colleague @BartimaeusvUruk . youtube.com/watch?v=3To4ty…
Today, my new blog article titled "Voltage Glitching with the Pico Glitcher and Findus" was published. You can find it on the SySS Tech Blog: blog.syss.com/posts/voltage-…
New blog post about voltage glitching the Raspberry Pico v2 with a Raspberry Pico v1. How hard could it be? mkesenheimer.github.io/blog/glitching…
Check out our today published CVEs on @AudioCodes Session Border Controller and One Voice Operation Center. Unauthenticated path traversal, hard-coded keys and unauthenticated persistent XSS. syss.de/pentest-blog/m… CVE-2024-52883 CVE-2024-52882 CVE-2024-52884 CVE-2024-52881