Tech Editorials #CVE #Pwn2Own #IoT

Your printer is not your printer ! - Hacking Printers at Pwn2Own Part II

angelboy

2023-11-06

We identified Pre-auth RCE vulnerabilities in Canon printers (CVE-2023-0853, CVE-2023-0854) and also discovered Pre-auth RCE flaws in HP printers, which led to our achievement of the Master of Pwn title at Pwn2Own Toronto 2022. This article will detail the vulnerabilities and exploitation methods for both Canon and HP printers.

Tech Editorials #CVE #Pwn2Own #IoT

Your printer is not your printer ! - Hacking Printers at Pwn2Own Part I

angelboy

2023-10-05

In 2021, we found Pre-auth RCE vulnerabilities(CVE-2022-24673 and CVE-2022-3942) in Canon and HP printers, and vulnerability(CVE-2021-44734) in Lexmark. We used these vulnerabilities to exploit Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw and Lexmark MC3224i in Pwn2Own Austin 2021. Following we will describe the details of the Canon and HP vulnerabilities and exploitation.

Tech Editorials #Google

[REL] A Journey Into Hacking Google Search Appliance

2023-07-07

The Google Search Appliance (hereinafter referred to as GSA) is an enterprise search device launched by Google in 2002, used for indexing and retrieving internal or public network information

Tech Editorials #Advisory #CVE #RCE #Exchange #Pwn2Own

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

orange

2022-10-19

With the prior knowledge in mind, I come up with a simple idea. It’s common to see multiple Exchange Servers in corporate networks for high availability and site resilience. Can we relay the NTLM authentication among Exchange Servers?

Tech Editorials #CVE #BugBounty #Vulnerability

Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS

orange

2022-08-18

We have also proved this attack works naturally on Microsoft Exchange Server. By leveraging the default activated Exchange Active Monitoring service, we can enter HealthMailbox's mailbox without passwords!

Tech Editorials #RCE #NAS #IoT #Pwn2Own

Your NAS is not your NAS !

angelboy

2022-03-28

We have successfully found a serious vulnerability in the NAS, and successfully wrote a proof-of-concept, which proved that it can be exploited on many NAS such as Synology, QNAP and Asustor.