DEF CON 31 War Stories - New Isn’t Always Novel Grep Your Way to $20K at Pwn2Own - Horseman, Hanley
About this talk
The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software. In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug. Finally we’ll release the exploit POC and an additional POC to dump credentials during engagements.
Topics covered
Stay Updated
Get notified about new features and conference additions.
