85 Photos and videos
Demo video;
youtu.be/dMxekFm1KLw
11 Jul 2023
CVE-2023-29984 : Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service ... cve.report/CVE-2023-29984
156
Very simple vulnerability I discovered on a large number of printers…. Basically, create a URL request to the printer IP with “�” in it and it crashes/reboots the printer. CVE link and demo video below.
cve.mitre.org/cgi-bin/cvenam…
youtu.be/dMxekFm1KLw
129
At the request of both PSIRT teams I have agreed to delay the release of this exploit until 1st July.
Hey @BrotherOffice @FujifilmUS, I’ve tried contacting your PSIRT teams. I have an very simple DOS exploit for a large number of your printers. I will publicly release it 1st April if I don’t hear back. This is a polite record that I’ve tried to contact you.
251
Hey @BrotherOffice @FujifilmUS, I’ve tried contacting your PSIRT teams. I have an very simple DOS exploit for a large number of your printers. I will publicly release it 1st April if I don’t hear back. This is a polite record that I’ve tried to contact you.
Eventful week, discovered a #ZeroDay vulnerability on many Brother/Fuji Xerox printers that does an unauthenticated DOS (sends them in a constant reboot cycle). How to perform it? Via a simple URL to the printer IP address😬 Contact been made with vendor PSIRT. Watch this space…
1
437
Eventful week, discovered a #ZeroDay vulnerability on many Brother/Fuji Xerox printers that does an unauthenticated DOS (sends them in a constant reboot cycle). How to perform it? Via a simple URL to the printer IP address😬 Contact been made with vendor PSIRT. Watch this space…
1
352
Something I was working on last year.... A script (Python) running on a $50 Raspberry Pi that shows you what users are entering into search engines such as Google. This works by pulling URL logs from a #paloaltonetworks firewall via its API.
youtu.be/i9izpnybRnw
135
If, from a @PaloAltoNtwks firewall, you could get a list of what users have searched on Google and YouTube, do you think that would be:
40%
Useful and interesting
0%
Not of interest
60%
Scary (but cool)
5 votes • Final results
*Incoming* API script to #PaloAltoFirewall to display all Google searches in the last 24 hours. This could throw up some interesting results - ping me if you want to help test...... @PaloAltoNtwks
1
Hmmm, interesting how different apps are programmed with the user-agent field in HTTP traffic. Here, the Evernote app leaks the exact version of Evernote and Windows OS version. Very useful information for an attacker, knowing the attack surface @PaloAltoNtwks #PaloAlto #Hacking
Not sure who needs to hear this but NEVER do SSL decryption on BYODs (mobiles, tablets, etc) that heavily use Apps. #PaloAlto #SSLDecryption #Firewalls @PaloAltoNtwks
1
og150 retweeted
9 Sep 2021
My only interview question about a decade back for my first Network Engineering position was "Do you want to be a network engineer?" That was it.
Prior to that, I helped out the team whenever I was asked. Eventually the work I did opened the doors.
Work hard, get noticed.
3
3
35
og150 retweeted
14 Jul 2021
They completely understand the logic behind it. If you rate limit users, they’re more likely to give you more money for faster speedtest results. Making money at the expense of RF performance is the name of the game for many in the hospitality space.
1
1
7