Toner Deaf – Printing your next persistence (Hexacon 2022)

On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf - Printing your next persistence at Hexacon 2022. This talk demonstrated remote over the network exploitation of a Lexmark printer and persistence across both firmware updates and reboots. The video from this talk is now available here: https://www.youtube.com/watch?v=TUHcZptN6Jk The … Continue reading Toner Deaf – Printing your next persistence (Hexacon 2022)

NCC Con Europe 2022 – Pwn2Own Austin Presentations

Cedric Halbronn, Aaron Adams, Alex Plaskett and Catalin Visinescu presented two talks at NCC Con Europe 2022. NCC Con is NCC Group's annual private internal conference for employees. We have decided to publish these 2 internal presentations as it is expected that the wider security community could benefit from understanding both the approach and methodology … Continue reading NCC Con Europe 2022 – Pwn2Own Austin Presentations

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.