Alex Plaskett (@alexjplaskett) presented a talk on the 10th of August 2023 at @SysPWN covering vulnerability research for Pwn2Own.
The first section of the talk gave a high-level perspective of the event, personal history, and teams. It then discussed considerations to weigh when deciding on a target, along with experiences and learnings from the competition.
The second section of the talk was divided into the vulnerabilities which NCC Group EDG used at the event in 2021 and 2022.
The first category covered was the Soho Smash-Up, which targeted the Ubiquiti EdgeRouter to first obtain code execution via the WAN interface. This was then used to pivot to exploiting a Lexmark printer attached via the LAN interface.
The second category discussed was an exploit that compromised a Lexmark printer via Printer Job Language (PJL) input.
The slides for the talk are available here: