YoVDO

Exploiting the Lexmark PostScript Stack

Offered By: Hack In The Box Security Conference via YouTube

Tags

Exploit Development Courses Vulnerability Analysis Courses Sandboxing Courses Bug Hunting Courses Remote Code Execution Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Dive into the intricacies of exploiting Lexmark printers' custom PostScript stack in this 49-minute conference talk from Hack In The Box Security Conference. Explore the internals of Lexmark's closed-source 'pagemaker' service, gain an introduction to the PostScript language, and understand the functionality crucial for exploiting discovered vulnerabilities. Learn about the mitigations implemented by the 'pagemaker' service, its sandboxing techniques, and how bugs were identified. Discover how pre-auth remote code execution was achieved using out-of-bounds read and type confusion bugs during the Pwn2Own Toronto 2022 contest. Benefit from the speaker's 20+ years of industry experience in exploit development, including work with the Exploit Development Group at NCC Group, BlackBerry, and Symantec.

Syllabus

#HITB2023HKT D1T1 - Exploiting The Lexmark PostScript Stack - Aaron Adams


Taught by

Hack In The Box Security Conference

Related Courses

Cloud Application Security
University of Minnesota via Coursera iOS Development: Security
LinkedIn Learning Cybersecurity Awareness: Social Engineering
LinkedIn Learning Ethical Hacking: The Complete Malware Analysis Process
LinkedIn Learning The Windows Sandbox Paradox
nullcon via YouTube