"New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and H..." James Horseman, Zach Hanley

  • number6
    • Apr 2019
    • 2172

    #1

    New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too
    James Horseman, Vulnerability Researcher at Horizon3.ai, He/Him
    Zach Hanley, Vulnerability Researcher at Horizon3.ai, He/Him
    Tool, Exploit
    45 Minutes, Thursday, War Stories @Forum

    The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software.

    In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.

    Finally, we’ll release the exploit POC and an additional POC to dump credentials during engagements.

    James Horseman loves low-level systems programming and reverse engineering. He has a history of developing implants and weaponizing n-days. He is a vulnerability researcher and attack engineer at Horizon3.ai. twitter.com/JamesHorseman2

    Zach Hanley has been hooked on exploit development and offensive security since being introduced to the world of hacking as an On-Net Operator for DoD and IC organizations. He’s since developed implants and exploits for both the government and commercial sector. He is currently a vulnerability researcher and attack engineer for Horizon3.ai.
    twitter.com/hacks_zach

    REFERENCES:

    1. https://research.nccgroup.com/2022/0...rmware-part-1/
    2. https://publications.lexmark.com/pub...2023-26068.pdf
    3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)