New Isn't Always Novel - Finding Basic Vulnerabilities in Enterprise Software

DEFCONConference via YouTube

Overview

Learn how two security researchers discovered and exploited a command injection vulnerability in Lexmark printers to win $20,000 at Pwn2Own 2023 in this DEF CON 31 conference talk. Follow their methodical approach to firmware analysis, including both dynamic and static analysis techniques, as they break down how they identified a basic but critical remote code execution vulnerability that affected nearly all Lexmark printer models. Gain practical insights into vulnerability research, understand why common security tools missed this flaw, and explore the released proof-of-concept exploits for both remote code execution and credential dumping. The presentation demonstrates how breaking complex security challenges into manageable milestones can lead to successful outcomes, while also discussing broader lessons about enterprise software security, programming language safety, and the state of application security tools.

Syllabus

Intro
What will you gain?
Set "Milestones"
Obtaining the Lexmark Firmware
Dynamic Analysis - General Approach
Dynamic Analysis - Lexmark Approach
Static Analysis - General Approach
Lexmark Static Analysis
Lessons Learned
Security as a Cost Center
Language and Framework Safety
Application Security Tools
Reverse Shell
Dump Credentials
Play Mario Brothers

Taught by

DEFCONConference
