Alex Plaskett (@alexjplaskett) presented a talk on the 10th of August 2023 at @SysPWN covering vulnerability research for Pwn2Own.
The first section of the talk covered a high-level perspective of the event, personal history, and teams. It then discussed some considerations needing to be made when deciding on target, experiences, and learnings from the competition.
The second section of the talk was divided into vulnerabilities with NCC Group EDG used at the event in 2021 and 2022.
The first category covered was in the Soho Smash-Up which targeted the Ubiquiti EdgeRouter to first obtain code execution via the WAN interface, this was then used to pivot to exploiting a Lexmark printer attached via the LAN interface.
The second category discussed was an exploit used against a Lexmark printer via Printer Job Language (PJL) input to compromise the printer.
The slides for the talk are available here:
Here are some related articles you may find interesting
Intel BIOS Advisory – Memory Corruption in HID Drivers
In this post, I will be focusing on two additional BIOS vulnerabilities. The first bug impacts the Bluetooth keyboard driver (HidKbDxe in BluetoothPkg) and the second bug impacts a touch panel driver (I2cTouchPanelDxe in AlderLakePlatSamplePkg).
Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
Introduction Since the first lattice-based cryptography results in [Ajtai96], lattices have become a central building block in quantum-resistant cryptosystems. Based on solving systems of linear equations, lattice-based cryptography adds size constraints or error terms to linear systems of equations, turning them into quantum-computer resistant one-way or trapdoor functions. Since the…
Tool Release: Cartographer
Cartographer is a Ghidra plugin that creates a visual "map" of code coverage data, enabling researchers to easily see what parts of a program are executed. It has a wide range of uses, such as better understanding a program, honing in on target functionality, or even discovering unused content in…
View articles by category
如有侵权请联系:admin#unsafe.sh