Abstract
This talk will take a deep dive into what makes the printers in your office tick. Networked printers are an often overlooked entry- and pivot point into (corporate) networks. Under the hood, they run either Linux or proprietary real-time operating systems. How do you get access to the firmware code running on these printers? How do you debug closed and undocumented platforms like this?
We will detail three different exploit chains for various printers:
CANON ImageCLASS - memory corruption exploit(s) leading to a full compromise of the printer.
Lexmark - a chain of logic bugs leading to arbitrary code execution and full compromise of the printer.
These exploit(s) were submitted as part of the annual Pwn2Own competition. We will drill down the various bugs and show how they can be exploited.
Download Presentation: berlin2024.nullcon.net/berlin...
#NetworkSecurity #FirmwareExploits #Pwn2Own #cybersecurity
Know more - nullcon.net/berlin-2024/speak...
-----------------
Follow Nullcon on Facebook: / nullcon
X: / nullcon
LinkedIn: / posts
Website: nullcon.net/
7 май 2024
