Dive into the intricacies of exploiting Lexmark printers' custom PostScript stack in this 49-minute conference talk from Hack In The Box Security Conference. Explore the internals of Lexmark's closed-source 'pagemaker' service, gain an introduction to the PostScript language, and understand the functionality crucial for exploiting discovered vulnerabilities. Learn about the mitigations implemented by the 'pagemaker' service, its sandboxing techniques, and how bugs were identified. Discover how pre-auth remote code execution was achieved using out-of-bounds read and type confusion bugs during the Pwn2Own Toronto 2022 contest. Benefit from the speaker's 20+ years of industry experience in exploit development, including work with the Exploit Development Group at NCC Group, BlackBerry, and Symantec.
Overview
Syllabus
#HITB2023HKT D1T1 - Exploiting The Lexmark PostScript Stack - Aaron Adams
Taught by
Hack In The Box Security Conference
Related Courses
-
New Isn't Always Novel - Finding Basic Vulnerabilities in Enterprise Software
-
Printer Hacking Adventures - Exploiting Network Vulnerabilities
-
Remotely Exploiting the ClamAV Antivirus Engine - CVE-2023-20032 Case Study
-
PWN2OWN Austin 2021 - Phones, Printers, NAS, and More
-
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
-
NVMe: New Vulnerabilities Made Easy - Exploiting Cloud Storage Protocols
