Rick de Jager

Rick and Carlo are part of the Pwn2Own team “PHP Hooligans”. They have competed in five editions of Pwn2Own, exploiting a wide range of targets including routers, printers, and automotive targets. Aside from Pwn2Own, Rick is an avid CTF player, having competed as part of 0rganizers and ICC’s team Europe.

Carlo Meijer

Carlo is a founding partner of the boutique security consultancy firm Midnight Blue and is most known for his research into TETRA, the MIFARE Classic Crypto1 RFID cipher, and the security of self-encrypting drives.

Dialing into the Past: RCE via the Fax Machine – Because Why Not?

In this talk, we’ll show you how we leveraged a printer bug that we found at Pwn2Own Ireland to gain remote code execution. Over its fax interface. You might think, “Who cares about faxes?” – but what if I told you that lurking within this vintage feature is a potential pathway for remote code execution? We’ll walk through the memory corruption that made this possible, how we shaped the heap through an archaic interface, and the unexpected challenges of porting a modern PDF exploit to a decades-old fax protocol—and not to mention the hundreds of hours spent poring over soul-crushing, ancient specifications just to make sense of it all. That’s right, while everyone else is busy patching the latest vulnerabilities in trendy software and half the world is obsessed with cloud security, we’ll be having a blast with tech that should’ve been retired to the attic long ago, exploiting a feature that’s older than some of the attendees!