conf.directory

DEF CON 31 War Stories - New Isn’t Always Novel Grep Your Way to $20K at Pwn2Own - Horseman, Hanley

Horseman, HanleyDEF CON
37:04
0 views
Published September 14, 2023

About this talk

The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software. In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug. Finally we’ll release the exploit POC and an additional POC to dump credentials during engagements.

Topics covered

Command Injection
Open Source Vulnerability Management
Static Analysis Tools
Exploit POC
Credential Dumping

Stay Updated

Get notified about new features and conference additions.

Related Talks

The Art of Code - Dylan Beattie
01:00:49

The Art of Code - Dylan Beattie

Dylan Beattie
NDC Conferences
4,796,409 views
February 26 2020
Watch Now
What the heck is the event loop anyway? | Philip Roberts | JSConf EU
26:53

What the heck is the event loop anyway? | Philip Roberts | JSConf EU

Philip Roberts
JSConf EU
3,551,387 views
October 9 2014
Watch Now
Expert Talk: DevOps & Software Architecture • Simon Brown, Dave Farley & Hannes Lowette • GOTO 2021
39:51

Expert Talk: DevOps & Software Architecture • Simon Brown, Dave Farley & Hannes Lowette • GOTO 2021

Simon Brown, Dave Farley & Hannes Lowette
GOTO Conferences
3,109,641 views
February 15 2022
Watch Now
DEF CON 31 War Stories - New Isn’t Always Novel Grep Your Way to $20K at Pwn2Own - Horseman, Hanley by Horseman, Hanley | conf.directory | conf.directory